CVE-2006-3210

Published: Jun 24, 2006Modified: Apr 16, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when register_globals is enabled, allows remote attackers to conduct PHP remote file inclusion and directory traversal attacks via URLs or ".." sequences in the (1) dir_abs_src parameter in (a) check_entry.php, (b) admin_album.php, (c) admin_image.php, and (d) admin_util.php; and the (2) dir_abs_admin_src parameter in admin_album.php and admin_image.php. NOTE: this issue can be leveraged to conduct cross-site scripting (XSS) attacks.

Affected (7)

Products: Le Ralf: Ralf Image Gallery

1 product

Ralf Image Gallery

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Le Ralf Ralf Image Gallery	Version 0.6.5
Le Ralf Ralf Image Gallery	Version 0.7.1
Le Ralf Ralf Image Gallery	Version 0.7.2
Le Ralf Ralf Image Gallery	Version 0.7.3
Le Ralf Ralf Image Gallery	Version 0.7.4
Le Ralf Ralf Image Gallery	Version 0.7.5
Le Ralf Ralf Image Gallery	Version 0.7

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (30)

http://rig.powerpulsar.com/#news

Source: cve@mitre.org

http://secunia.com/advisories/20771

Source: cve@mitre.org

PatchVendor Advisory

http://securityreason.com/securityalert/1136

Source: cve@mitre.org

http://www.majorsecurity.de/advisory/major_rls18.txt

Source: cve@mitre.org

http://www.osvdb.org/26753

Source: cve@mitre.org

http://www.osvdb.org/26754

Source: cve@mitre.org

http://www.osvdb.org/26755

Source: cve@mitre.org

http://www.osvdb.org/26756

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/437818/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/438645/100/100/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/18548

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/2477

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/27256

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/27257

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/27259

Source: cve@mitre.org

http://rig.powerpulsar.com/#news

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/20771

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://securityreason.com/securityalert/1136

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.majorsecurity.de/advisory/major_rls18.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26753

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26754

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26755

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/26756

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/437818/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/438645/100/100/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/18548

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/2477

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/27256

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/27257

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/27259

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.