Unrated severityNVD Advisory· Published Dec 6, 2010· Updated Jun 16, 2026
CVE-2010-4406
CVE-2010-4406
Description
Directory traversal vulnerability in gallery.php in Brunetton LittlePhpGallery 1.0.2, when magic_quotes_gpc is disabled, allows remote attackers to list, include, and execute arbitrary local files via a ..// (dot dot slash slash) in the repertoire parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:brunetton:littlephpgallery:1.0.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:brunetton:littlephpgallery:1.0.2:*:*:*:*:*:*:*
- (no CPE)range: =1.0.2
Patches
Vulnerability mechanics
References
5- packetstormsecurity.org/files/view/96296/littlephpgallery-lfi.txtnvdExploit
- www.exploit-db.com/exploits/15656nvdExploit
- secunia.com/advisories/42444nvdVendor Advisory
- osvdb.org/69564nvd
- www.securityfocus.com/bid/45143nvd
News mentions
0No linked articles in our index yet.