VYPR

Phpalbum

by Phpalbum.net

CVEs (5)

  • CVE-2006-6613Dec 18, 2006
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in…

  • CVE-2006-4498Aug 31, 2006
    risk 0.03cvss epss 0.03

    PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different vector than CVE-2006-3922.

  • CVE-2006-1839Apr 19, 2006
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.

  • CVE-2005-3948Dec 1, 2005
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters.

  • CVE-2007-1456Mar 14, 2007
    risk 0.00cvss epss 0.01

    PHP remote file inclusion vulnerability in common.php in PHP Photo Album allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability, because versions 0.3.2.6 and 0.4.1beta do not contain this file. However, it…