CVE-2010-4406

Brunetton LittlePhpGallery 1.0.2 - Path Traversal via Repertoire Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4406. PoCs published by kire bozorge khavarmian.

AI-analyzed exploit summary: This exploit demonstrates a local file inclusion vulnerability in littlePhpGallery 1.0.2, allowing an attacker to traverse directories and disclose arbitrary files on the server.

Description

Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash slash) in the repertoire parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by kire bozorge khavarmian · text · webapps · php
https://www.exploit-db.com/exploits/15656


Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: littlePhpGallery 1.0.2
No auth needed
Prerequisites: Access to the vulnerable web application
mistral-large-3 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/45143
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/42444
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/15656
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/69564

Scores

EPSS 0.0195
EPSS Percentile 77.8%

Details

CWE: CWE-22
Status: published
Products (1): brunetton/littlephpgallery 1.0.2
Published: Dec 06, 2010
Tracked Since: Feb 18, 2026