PHPAlbum Language.PHP File Include Vulnerability
BID:17526
Info
| Bugtraq ID: | 17526 |
| Class: | Input Validation Error |
| CVE: | CVE-2006-1839 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2006 12:00AM |
| Updated: | Nov 05 2008 05:05PM |
| Credit: | rgod is credited with the discovery of this vulnerability. |
| Vulnerable: | phpAlbum.net phpalbum 0.3.2.3, phpAlbum.net phpalbum 0.2.3, phpAlbum.net phpalbum 4.1 |
| Not Vulnerable: | phpAlbum.net phpalbum 4.1.14 |
Discussion
phpAlbum is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input.
An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the webserver process. This may facilitate unauthorized access.
phpAlbum 0.3.2.3 and prior versions are affected.
Exploit / POC
No exploit is required.
The following proof of concept is available:
Solution / Fix
Solution:
The vendor released an update to address this issue. Please see the references for more information.