WEBalbum Local File Include Vulnerability Network Vulnerability

Summary

The remote web server contains a PHP application that is affected by a local file include vulnerability. Description : The remote host is running WEBalbum, a photo album application written in PHP. The installed version of WEBalbum fails to sanitize user input to the 'skin2' cookie in 'inc/inc_main.php' before using it to include arbitrary files. An unauthenticated attacker may be able to read arbitrary local files or include a local file that contains commands which will be executed on the remote host subject to the privileges of the web server process. This flaw is only exploitable if PHP's 'magic_quotes_gpc' is disabled.

Solution

Unknown at this time.

Severity

Classification

CVE CVE-2006-1480

CVSS	Base Score: 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
Apache Struts2 'XWork' Information Disclosure Vulnerability
AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
Apache Rave User Information Disclosure Vulnerability
Apache Archiva Cross Site Request Forgery Vulnerability

Take action and discover your vulnerabilities