PHPAlbum 0.2.3/4.1 - Local File Include Vulnerability

2014-07-01T00:00:00
ID SSV:80296
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/15651/info

phpAlbum is prone to a local file-include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserver process.

Note that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the webserver.

phpAlbum 0.2.3 and prior versions are vulnerable.

http://www.example.com/main.php?cmd=../
http://www.example.com/main.php?cmd=album&var1=../