2006-04-26 18:00:00
mitre
PUBLISHED
PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.