Phpalbum
by Phpalbum
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-4807 | 0.03 | — | 0.03 | Dec 14, 2011 | Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter. | |||
| CVE-2011-4806 | 0.03 | — | 0.01 | Dec 14, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters. | |||
| CVE-2006-6613 | 0.03 | — | 0.02 | Dec 18, 2006 | Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in… | |||
| CVE-2006-1839 | 0.03 | — | 0.06 | Apr 19, 2006 | PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call. | |||
| CVE-2005-3948 | 0.03 | — | 0.04 | Dec 1, 2005 | Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters. | |||
| CVE-2011-3770 | 0.00 | — | 0.01 | Sep 24, 2011 | phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain other files. |
- CVE-2011-4807Dec 14, 2011risk 0.03cvss —epss 0.03
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
- CVE-2011-4806Dec 14, 2011risk 0.03cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.
- CVE-2006-6613Dec 18, 2006risk 0.03cvss —epss 0.02
Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in…
- CVE-2006-1839Apr 19, 2006risk 0.03cvss —epss 0.06
PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.
- CVE-2005-3948Dec 1, 2005risk 0.03cvss —epss 0.04
Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters.
- CVE-2011-3770Sep 24, 2011risk 0.00cvss —epss 0.01
phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain other files.