VYPR
Vendor

Phpalbum

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2011-4807Dec 14, 2011
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.

  • CVE-2011-4806Dec 14, 2011
    risk 0.03cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.

  • CVE-2006-6613Dec 18, 2006
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. (dot dot) in…

  • CVE-2006-1839Apr 19, 2006
    risk 0.03cvss epss 0.06

    PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.

  • CVE-2005-3948Dec 1, 2005
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters.

  • CVE-2011-3770Sep 24, 2011
    risk 0.00cvss epss 0.01

    phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain other files.