PHPAlbum 0.2.3/4.1 - Local File Include Vulnerability

2005-11-30T00:00:00
ID EDB-ID:26668
Type exploitdb
Reporter r0t3d3Vil
Modified 2005-11-30T00:00:00

Description

PHPAlbum 0.2.3/4.1 Local File Include Vulnerability. CVE-2005-3948. Webapps exploit for php platform

source: http://www.securityfocus.com/bid/15651/info

phpAlbum is prone to a local file-include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserver process.

Note that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the webserver.

phpAlbum 0.2.3 and prior versions are vulnerable.

http://www.example.com/main.php?cmd=../
http://www.example.com/main.php?cmd=album&var1=../
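
For defenders reviewing web server logs, the following added example (not part of the original advisory and not phpAlbum code) flags requests to main.php whose cmd or var1 parameter carries a ".." path segment, as in the two URLs above. It goes slightly beyond them by also normalising percent-encoded values; the log format (combined), the sample lines and all function names are assumptions made for this illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

WATCHED_PARAMS = {"cmd", "var1"}  # parameters in the advisory's example URLs
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by "/" or "\" (or by the string start/end).
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so encoded dot-dot sequences normalise."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return watched parameter names whose value contains a '..' segment."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/main.php"):
        return []
    hits = {name for name, value in parse_qsl(url.query, keep_blank_values=True)
            if name in WATCHED_PARAMS and TRAVERSAL_RE.search(fully_decode(value))}
    return sorted(hits)

def scan(lines):
    """Return (line_number, parameter_names) for every flagged request."""
    results = []
    for number, line in enumerate(lines, 1):
        hits = suspicious_params(line)
        if hits:
            results.append((number, hits))
    return results

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Nov/2005:10:00:01 +0000] "GET /main.php?cmd=album&var1=holiday HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/Nov/2005:10:00:05 +0000] "GET /main.php?cmd=../ HTTP/1.1" 200 312',
    '198.51.100.7 - - [30/Nov/2005:10:00:06 +0000] "GET /main.php?cmd=album&var1=../ HTTP/1.1" 200 312',
    '198.51.100.7 - - [30/Nov/2005:10:00:07 +0000] "GET /main.php?cmd=album&var1=..%2F HTTP/1.1" 200 312',
    '192.0.2.10 - - [30/Nov/2005:10:00:09 +0000] "GET /index.php?cmd=../ HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: traversal in {', '.join(hits)}")
```

A hit only shows that a traversal sequence was requested; whether the installation is affected depends on the phpAlbum version in use.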