Webalbum
by Web Album
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2006-1480 | 0.04 | — | 0.07 | Mar 29, 2006 | Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter. | ||
| CVE-2009-0446 | 0.03 | — | 0.00 | Feb 10, 2009 | SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2008-2698 | 0.00 | — | 0.00 | Jun 13, 2008 | Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the "add comment" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter. |
- CVE-2006-1480Mar 29, 2006risk 0.04cvss —epss 0.07
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.
- CVE-2009-0446Feb 10, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in photo.php in WEBalbum 2.4b allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2008-2698Jun 13, 2008risk 0.00cvss —epss 0.00
Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php (aka the "add comment" section) in WEBalbum 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) id, or (3) category parameter.