Unrated severityNVD Advisory· Published Mar 29, 2006· Updated Apr 16, 2026

CVE-2006-1480

Description

Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.

Affected products

Web Album/Webalbum
cpe:2.3:a:duda:webalbum:*:*:*:*:*:*:*:*
Range: <=2.02

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/19400nvdExploitVendor Advisory
www.securityfocus.com/bid/17228nvdExploit
www.osvdb.org/24160nvd
www.vupen.com/english/advisories/2006/1108nvd
exchange.xforce.ibmcloud.com/vulnerabilities/25443nvd
www.exploit-db.com/exploits/1608nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000