PHP Photo Album 0.2.3/4.1 - Local File Inclusion

EDB-ID:

26668




Platform:

PHP

Date:

2005-11-30


source: https://www.securityfocus.com/bid/15651/info

phpAlbum is prone to a local file-include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserver process.

Note that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the webserver.

phpAlbum 0.2.3 and prior versions are vulnerable.

http://www.example.com/main.php?cmd=../
http://www.example.com/main.php?cmd=album&var1=../