FsPHPGallery index.php dir Parameter Traversal Arbitrary Directory Listing
Remote / Network Access
Loss of Confidentiality
FsPHPGallery index.php dir parameter contains a flaw that may allow a malicious user to view directory listings. The issue is triggered when input passed to the 'dir' parameter in index.php is not properly sanitized. It is possible that the flaw may allow information disclosure resulting in a loss of confidentiality.
Upgrade to version 1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.