CVE Catalog

CVE-2017-20248

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Summary

Apptha Slider Gallery version 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the intended directory.

Risk Assessment

This vulnerability poses a risk of exposing sensitive data, which could lead to serious security breaches within the organization. Attackers may exploit this flaw to download configuration files or other critical data.

Recommendation

It is recommended to update Apptha Slider Gallery to the latest version that addresses this vulnerability. Additionally, implementing access controls to files and monitoring logs for potential attack attempts is advisable.

Original NVD description (English source)

Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the intended directory.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS