CVE Catalog

CVE-2017-20250

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Summary

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory.

Risk Assessment

This vulnerability poses a risk of exposing sensitive data, which could lead to further attacks on the system. Organizations should be aware of the potential consequences of unauthorized access to files.

Recommendation

It is recommended to update Mac Photo Gallery to the latest version to eliminate this vulnerability. Additionally, implementing appropriate security measures to restrict access to critical files is advisable.

Original NVD description (English source)

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS