MAlbum Index.PHP Directory Traversal Vulnerability
BID:21241
Info
MAlbum Index.PHP Directory Traversal Vulnerability
| Bugtraq ID: | 21241 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 21 2006 12:00AM |
| Updated: | Nov 28 2006 07:29PM |
| Credit: | Tux25 is credited with the discovery of this vulnerability. |
| Vulnerable: |
mAlbum mAlbum 0.3 |
| Not Vulnerable: | |
Discussion
MAlbum Index.PHP Directory Traversal Vulnerability
mAlbum is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.
mAlbum is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data.
Exploiting this issue may allow an attacker to access sensitive information that could aid in further attacks.
Exploit / POC
MAlbum Index.PHP Directory Traversal Vulnerability
An attacker can exploit this issue via a web client.
An attacker can exploit this issue via a web client.
Solution / Fix
References
MAlbum Index.PHP Directory Traversal Vulnerability
References:
References:
- mAlbum (Vendor Homepage)
- mAlbum v0.3 local file inclusion ([email protected])