Vendor: phpAlbum
CVSS: 7.5 HIGH
CWE: Local File Include
Product Name: phpAlbum
Affected Version From: 2000.2.3
Affected Version To: 2000.2.3
Patch Exists: NO
Related CWE:
CPE: a:phpalbum:phpalbum:0.2.3
Metasploit:
Other Scripts:
Platforms Tested:

Local File Include Vulnerability in phpAlbum

An attacker can execute arbitrary server-side script code or read arbitrary files on an affected computer with the privileges of the webserver process.

Mitigation:

Update to phpAlbum version 0.2.4 or later.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15651/info

phpAlbum is prone to a local file-include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserver process.

Note that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the webserver.

phpAlbum 0.2.3 and prior versions are vulnerable.

http://www.example.com/main.php?cmd=../
http://www.example.com/main.php?cmd=album&var1=../
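
As an added example (not part of the advisory or of phpAlbum's code), the following Python script flags access-log requests to main.php whose cmd or var1 parameter decodes to a ../ path segment, as in the URLs above. The combined log format, the function names and the sample log entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameters used by the advisory's example URLs on main.php.
WATCHED_PARAMS = {"cmd", "var1"}
# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by "/" or "\" (or by the start/end of the value).
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')

SAMPLE_LOG = [  # constructed entries using documentation addresses
    '192.0.2.10 - - [01/Dec/2005:10:00:00 +0000] "GET /main.php?cmd=album&var1=holiday HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Dec/2005:10:00:05 +0000] "GET /main.php?cmd=../ HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Dec/2005:10:00:09 +0000] "GET /main.php?cmd=album&var1=%252e%252e%252f HTTP/1.1" 200 298',
    '192.0.2.10 - - [01/Dec/2005:10:00:12 +0000] "GET /index.php?cmd=../ HTTP/1.1" 404 120',
]

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return sorted names of watched main.php parameters carrying traversal."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/main.php"):
        return []
    hits = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED_PARAMS and TRAVERSAL_RE.search(fully_decode(value)):
            hits.add(name)
    return sorted(hits)

def scan(lines):
    """Yield (line_number, request_target, flagged_params) per suspicious entry."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        params = suspicious_params(m.group(1)) if m else []
        if params:
            yield n, m.group(1), params

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```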