CVE-2010-2334

Yamamah Photo Gallery 1.00 - Path Traversal via Download Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-2334. PoCs published by mat.

AI-analyzed exploit summary: This exploit demonstrates a local file disclosure vulnerability in Yamamah Photo Gallery 1.00 via the 'download.php' script. The vulnerability allows an attacker to read arbitrary files on the server by manipulating the 'download' parameter with directory traversal sequences.

Description

Directory traversal vulnerability in themes/default/download.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by mat · text · webapps · php
https://www.exploit-db.com/exploits/13856

This exploit demonstrates a local file disclosure vulnerability in Yamamah Photo Gallery 1.00 via the 'download.php' script. The vulnerability allows an attacker to read arbitrary files on the server by manipulating the 'download' parameter with directory traversal sequences.

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Yamamah Photo Gallery 1.00
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026
exploitdb WORKING POC
webapps · php
https://www.exploit-db.com/exploits/13845

The exploit demonstrates SQL injection and local file inclusion vulnerabilities in Yamamah 1.00. It includes functional PoC URLs for blind SQLi and arbitrary file disclosure via the 'download' parameter.

Classification: Working PoC 95%
Attack Type: SQLi | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Yamamah 1.00
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/13856
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/40150
Patch, Vendor Advisory x_refsource_confirm
http://www.yamamah.org/home/?page=39
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/65479

Scores

EPSS 0.0318
EPSS Percentile 86.4%

Details

CWE: CWE-22
Status: published
Products (1): yamamah/yamamah 1.00
Published: Jun 18, 2010
Tracked Since: Feb 18, 2026