CVE-2011-4807
CVE-2011-4807: A directory traversal flaw in phpAlbum 0.4.1.16 and earlier affects main.php, allowing remote attackers to read arbitrary files via .. in the var1 parameter. This is supported by multiple sources (NVD/Red Hat/CVE List) and an exploit-db entry exists. Affected software: phpAlbum (sp...
CVE-2011-4806
Affected product: phpAlbum (version 0.4.1.16 and earlier). Vulnerability: Multiple cross-site scripting (XSS) flaws in main.php allow remote injection of arbitrary web script or HTML via (1) var1 and (2) keyword parameters. Root cause: insufficient input sanitization in main.php. Impact: As descr...
CVE-2011-3770
CVE-2011-3770 affects phpAlbum 0.4.1.14 and allows information disclosure via a direct request to certain .php files, revealing the installation path in an error message (notably themes/Flowing_Dark/parameters.tpl.php and other files). The NVD entry documents the vulnerability as a path disclosur...