vendor:
PhotoDiary
by:
cOndemned
8.8
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: PhotoDiary
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: No
Related CWE: N/A
CPE: photodiary:photodiary
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2011
PhotoDiary 1.3 (lng) Local File Inclusion Vulnerability
PhotoDiary 1.3 is vulnerable to a Local File Inclusion vulnerability due to insufficient sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious 'lng' parameter. This parameter is used to include a file from the web server's file system. By manipulating the 'lng' parameter, an attacker can include arbitrary files from the web server's file system.
Mitigation:
Ensure that user-supplied input is properly sanitized and validated before being used to include files.