CVE-2006-3194

singapore <= 0.10.0 - Directory Traversal via Gallery and Template Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3194. PoCs published by simo64.

AI-analyzed exploit summary The provided text describes directory traversal and XSS vulnerabilities in Singapore Gallery, but does not include functional exploit code. It outlines the attack vectors and potential impacts without technical implementation details.

Description

Directory traversal vulnerability in index.php in singapore 0.10.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) gallery and (2) template parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by simo64 · textwebappsphp

https://www.exploit-db.com/exploits/28066

View Code ZIP pw:eip

The provided text describes directory traversal and XSS vulnerabilities in Singapore Gallery, but does not include functional exploit code. It outlines the attack vectors and potential impacts without technical implementation details.

Classification

Writeup 90%

Attack Type

Info Leak | Xss

Complexity

Trivial

Reliability

Theoretical

Target: Singapore Gallery (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1006 - Direct Volume Access T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/18518

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/27325

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/20724

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1135

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/437716/100/0/threaded

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/2457

Scores

EPSS 0.0290

EPSS Percentile 85.1%

Details

Status published

Products (17)

singapore/singapore 0.9.1_beta

singapore/singapore 0.9.2_beta

singapore/singapore 0.9.3_beta

singapore/singapore 0.9.4_beta

singapore/singapore 0.9.5_beta

singapore/singapore 0.9.6_beta

singapore/singapore 0.9.7

singapore/singapore 0.9.7_beta

singapore/singapore 0.9.8_beta

singapore/singapore 0.9.9a_beta

... and 7 more

Published Jun 23, 2006

Tracked Since Feb 18, 2026