CVE-2017-20250
HighCVSS 7.5Summary
Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory.
Risk Assessment
This vulnerability poses a risk of exposing sensitive data, which could lead to further attacks on the system. Organizations should be aware of the potential consequences of unauthorized access to files.
Recommendation
It is recommended to update Mac Photo Gallery to the latest version to eliminate this vulnerability. Additionally, implementing appropriate security measures to restrict access to critical files is advisable.
Original NVD description (English source)
Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory.

