CVE-2010-2334

Yamamah - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in themes/default/download.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by mat · textwebappsphp

https://www.exploit-db.com/exploits/13856

View Code ZIP pw:eip

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/13845

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/40150

[Exploit] http://www.exploit-db.com/exploits/13856

[Patch, Vendor Advisory] http://www.yamamah.org/home/?page=39

[Third Party Advisory, VDB Entry] http://osvdb.org/65479

Scores

EPSS 0.0217

EPSS Percentile 84.4%

Details

CWE

CWE-22

Status published

Products (1)

yamamah/yamamah 1.00

Published Jun 18, 2010

Tracked Since Feb 18, 2026