CVE-2017-20248
HighCVSS 7.5Summary
Apptha Slider Gallery version 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the intended directory.
Risk Assessment
This vulnerability poses a risk of exposing sensitive data, which could lead to serious security breaches within the organization. Attackers may exploit this flaw to download configuration files or other critical data.
Recommendation
It is recommended to update Apptha Slider Gallery to the latest version that addresses this vulnerability. Additionally, implementing access controls to files and monitoring logs for potential attack attempts is advisable.
Original NVD description (English source)
Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the intended directory.

