CVE-2004-2222
Description
Directory traversal in FsPHPGallery before 1.2 allows remote unauthenticated attackers to list arbitrary directories via the dir parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Directory traversal vulnerability in index.php of FsPHPGallery versions before 1.2 allows remote attackers to list arbitrary directories via the dir parameter. The application fails to properly sanitize user input, enabling path traversal sequences such as ../ to escape the intended gallery directory [1].
Exploitation
An attacker can exploit this by sending a crafted HTTP request to index.php with a dir parameter containing path traversal sequences (e.g., ?dir=../../etc/). No authentication is required, and the attacker only needs network access to the vulnerable web server [1].
Impact
Successful exploitation results in the disclosure of arbitrary directory listings on the server, potentially exposing sensitive files and system configuration information [1].
Mitigation
Upgrade to FsPHPGallery version 1.2 or later, where input sanitization has been implemented to block path traversal attempts [1].
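To check web server access logs for the dir-parameter requests described above, the following is an added example, not code from FsPHPGallery or from the cited references. It assumes combined-format access logs; the log lines are constructed samples, and the function names are hypothetical. It goes slightly beyond the plain ../ case by also flagging percent-encoded sequences, backslash separators and absolute paths.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /gallery/index.php?dir=holiday/2003 HTTP/1.1" 200 5120
192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /gallery/index.php?dir=../../etc/ HTTP/1.1" 200 2048
192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /gallery/index.php?dir=%2e%2e%2f%2e%2e%2fetc HTTP/1.1" 200 2048
192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /gallery/index.php?dir=%252e%252e%255cwindows HTTP/1.1" 404 310
192.0.2.14 - - [01/Jan/2024:10:00:20 +0000] "GET /gallery/index.php?dir=/etc HTTP/1.1" 200 900
192.0.2.15 - - [01/Jan/2024:10:00:31 +0000] "GET /gallery/index.php?page=2&dir=summer..trip HTTP/1.1" 200 4100
"""

# client address, request target and status code from one log line
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def is_traversal(value):
    """True if a dir value is absolute or contains a '..' path segment."""
    decoded = value
    for _ in range(3):  # undo nested percent-encoding, bounded
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    path = decoded.replace("\\", "/")  # treat backslash as a separator too
    return path.startswith("/") or ".." in path.split("/")

def suspicious_requests(log_text, script="index.php", param="dir"):
    """Return (client, status, target) for requests with a traversal-style dir."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qsl percent-decodes each value once; is_traversal handles the rest
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == param and is_traversal(value):
                hits.append((client, int(status), target))
    return hits

if __name__ == "__main__":
    for client, status, target in suspicious_requests(SAMPLE_LOG):
        print(client, status, target)
```

A 200 status on a flagged request is worth prioritising during review, since it suggests the server returned a listing rather than an error.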
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2 entries, range: <1.2
- (no CPE), range: <1.2
- (no CPE), range: <1.2
Patches
No patches discovered yet.
References
6
News mentions
No linked articles in our index yet.