CVE-2007-1124

XeroXer Simple Gallery - Directory Traversal

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1124. PoCs published by laurent gaffie.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in Simple one-file gallery, allowing arbitrary file access via path traversal. No actual exploit code is present, only a description and example URL.

Description

Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by laurent gaffie · textwebappsphp

https://www.exploit-db.com/exploits/29642

View Code ZIP pw:eip

The provided text describes a local file inclusion (LFI) vulnerability in Simple one-file gallery, allowing arbitrary file access via path traversal. No actual exploit code is present, only a description and example URL.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Simple one-file gallery (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable gallery.php endpoint

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/461080/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/32654

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/22700

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/2292

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/33760

Scores

EPSS 0.0276

EPSS Percentile 84.3%

Details

Status published

Products (1)

xeroxer/simple_one-file_gallery < 0.6

Published Feb 27, 2007

Tracked Since Feb 18, 2026