cvedb.io
CVE-2026-25869
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-02-11T16:16:06.813 · Last modified 2026-06-17T10:25:21.087

Summary

MiniGal Nano versions 0.3.5 and prior contain a path traversal vulnerability in index.php via the dir parameter. The application appends user-controlled input to the photos directory and attempts to prevent traversal by removing dot-dot sequences, but this protection can be bypassed using crafted directory patterns. An attacker can exploit this behavior to cause the application to enumerate and display image files from unintended filesystem locations that are readable by the web server, resulting in unintended information disclosure.

Affected products

rybber — minigal_nano

Does this affect you?

Add your gear to cvedb and we'll alert you only when rybber ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.