PhpAlbum Multiple Security Vulnerabilities Network Vulnerability

Summary

phpAlbum is prone to an arbitrary-file-download vulnerability, multiple cross-site scripting vulnerabilities, and multiple PHP code- injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker can exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, inject and execute arbitrary malicious PHP code, or download arbitrary files within the context of the webserver process. PhpAlbum 0.4.1.16 is vulnerable other versions may also be affected.

References

http://secunia.com/advisories/44078
http://www.exploit-db.com/exploits/18045/
http://www.phpalbum.net/dw
http://www.securityfocus.com/bid/50437

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-4806, CVE-2011-4807

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Afian 'includer.php' Directory Traversal Vulnerability
An Image Gallery Directory Traversal Vulnerability
Apache Struts2 showcase namespace XSS Vulnerability
Adobe ColdFusion Unspecified Information Disclosure Vulnerability
Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability

phpAlbum Multiple Security Vulnerabilities

Take action and discover your vulnerabilities