This host is running TCW PHP Album and is prone to multiple input validation vulnerabilities.

Successful exploitation may allow an attacker to run HTML or JavaScript code in the context of the affected site, or exploit latent vulnerabilities in the underlying database. Impact Level: Application

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

The flaws are caused by improper validation of user-supplied input passed via the 'album' parameter to 'index.php', which allows attackers to perform cross-site scripting, SQL-injection, and HTML-Injection attacks.

TCW PHP Album Version 1.0

• http://www.exploit-db.com/exploits/14203
• http://www.vupen.com/english/advisories/2010/1696
• http://xforce.iss.net/xforce/xfdb/60078
• http://xforce.iss.net/xforce/xfdb/60079

---

Updated on 2015-03-25