Unrated severityNVD Advisory· Published Dec 14, 2011· Updated Apr 29, 2026
CVE-2011-4807
CVE-2011-4807
Description
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
Affected products
18cpe:2.3:a:phpalbum:phpalbum:*:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:phpalbum:phpalbum:*:*:*:*:*:*:*:*range: <=0.4.1.16
- cpe:2.3:a:phpalbum:phpalbum:0.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.3.1:fix01:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.3.1:fix02:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.4.1-14:*:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.4.1.14:*:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.4.1-14:fix01:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.4.1-14:fix02:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.4.1-14:fix03:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.4.1-14:fix05:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.4.1-14:fix06:*:*:*:*:*:*
- cpe:2.3:a:phpalbum:phpalbum:0.4.1.15:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- www.exploit-db.com/exploits/18045nvdExploit
News mentions
0No linked articles in our index yet.