MiniGal Nano Path Traversal Vulnerability in Photo Directory

Vulnerability

A path traversal vulnerability has been identified in MiniGal Nano versions through 0.3.5. The issue resides in index.php, where the dir parameter is manipulated to traverse the file system. Although the application attempts to sanitize user input by removing dot-dot sequences, this measure can be circumvented with specially crafted directory patterns. Exploiting this vulnerability allows an attacker to access and disclose image files from unintended locations on the server that are readable by the web server.

Impact

Exploitation of this vulnerability leads to unauthorized enumeration and disclosure of image files from sensitive or unintended locations on the file system.

Added: Feb 11, 2026, 5:01 PM

Updated: Feb 11, 2026, 6:12 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

7.4

remediation

0.0

relevance

2.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MiniGal Nano Path Traversal Vulnerability in Photo Directory

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating