CVE-2006-1219

Gallery < 2.0.4 and 2.1 < RC-2a - Directory Traversal via stepOrder Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1219, a PoC published by rgod.

AI-analyzed exploit summary: This exploit targets a file inclusion vulnerability in Gallery 2.0.3 and earlier, allowing remote command execution by uploading a malicious watermark file and leveraging the 'stepOrder[]' parameter to include and execute it.

Description

Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2) install/index.php.

Exploits (1)

Exploit-DB (working PoC, verified)
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/1566

Classification: Working PoC 95%
Attack type: RCE
Complexity: Moderate
Reliability: Reliable
Target: Gallery <= 2.0.3
Authentication: required
Prerequisites: register_globals = On · magic_quotes_gpc = Off · valid user credentials
Analyzed by devstral-2 on Feb 16, 2026

References (6)

Core references (6):
- Various Sources (x_refsource_confirm): http://gallery.menalto.com/2.0.4_and_2.1_rc_2a_update
- Third Party Advisory, VDB Entry (x_refsource_vupen): http://www.vupen.com/english/advisories/2006/0895
- Third Party Advisory, VDB Entry (x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/25129
- Exploit, Third Party Advisory (x_refsource_exploit-db): https://www.exploit-db.com/exploits/1566
- Third Party Advisory, VDB Entry (x_refsource_bid): http://www.securityfocus.com/bid/17051
- Patch, Vendor Advisory (x_refsource_secunia): http://secunia.com/advisories/19175

Scores

EPSS: 0.0375
EPSS percentile: 88.4%

Details

Status: published
Products (14):
gallery_project/gallery 2.0
gallery_project/gallery 2.0.1
gallery_project/gallery 2.0.2
gallery_project/gallery 2.0.3
gallery_project/gallery 2.0_alpha
gallery_project/gallery 2.0_alpha1
gallery_project/gallery 2.0_alpha2
gallery_project/gallery 2.0_alpha3
gallery_project/gallery 2.0_alpha4
gallery_project/gallery 2.0_beta1
... and 4 more
Published: Mar 14, 2006
Tracked since: Feb 18, 2026