CVE-2005-3948
Published 2005-12-01
Priority: P4 · 30 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploit: available (see the Exploit-DB entries below)
EPSS: 3.54% (87.8th percentile)
Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpalbum.net | phpalbum | <= 0.2.3 | — |
No detection rules found.
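Since no detection rule is indexed for this CVE, here is one as an added example (not code from this record or from phpAlbum): a Python detector that runs over web-server access-log lines and flags requests to main.php whose cmd or var1 values, after percent-decoding, contain a ".." path segment or an embedded NUL. The parameter names come from the advisory text above; the log format, IP addresses, album names and the sample lines themselves are constructed for illustration.

```python
"""Access-log detector for CVE-2005-3948-style traversal against phpAlbum main.php.

Added example; not code from the CVE record or from phpAlbum. The parameter
names (cmd, var1) come from the advisory. Everything else (log format, IPs,
request paths, album names) is constructed for illustration.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters the advisory names as the traversal sinks.
SINK_PARAMS = ("cmd", "var1")

# Apache/nginx combined log: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: [^"]*)?" (?P<status>\d{3})'
)


def normalize(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable (defeats %2e%2e%2f and double encoding),
    then fold backslashes so ..\\ is treated like ../."""
    prev = None
    for _ in range(rounds):
        if value == prev:
            break
        prev, value = value, unquote(value)
    return value.replace("\\", "/")


def suspicious(value: str) -> bool:
    """True if the value climbs directories ('..' as a whole path segment)
    or embeds a NUL, the classic include()-truncation trick on old PHP."""
    v = normalize(value)
    if "\x00" in v:
        return True
    return any(seg == ".." for seg in v.split("/"))


def traversal_params(target: str):
    """Return [(param, decoded_value)] for a main.php request whose cmd/var1
    look like traversal; [] for anything else (other scripts are out of scope)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/main.php"):
        return []
    hits = []
    # parse_qsl already applies one round of percent-decoding.
    for name, raw in parse_qsl(parts.query, keep_blank_values=True):
        if name in SINK_PARAMS and suspicious(raw):
            hits.append((name, normalize(raw)))
    return hits


def scan(lines):
    """Run the rule over log lines; return one alert dict per matching request."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than crash
        hits = traversal_params(m["target"])
        if hits:
            alerts.append({
                "ip": m["ip"], "ts": m["ts"], "status": m["status"],
                "target": m["target"], "params": hits,
            })
    return alerts


# Constructed sample lines (IPs from RFC 5737 documentation ranges).
SAMPLE_LOG = [
    # benign album view: must not fire
    '192.0.2.10 - - [01/Dec/2005:10:15:02 +0000] "GET /phpAlbum/main.php?cmd=album&var1=holiday HTTP/1.0" 200 4120',
    # the Exploit-DB PoC path for this CVE
    '198.51.100.7 - - [01/Dec/2005:10:16:44 +0000] "GET /phpAlbum/main.php?cmd=../ HTTP/1.0" 200 812',
    # traversal plus NUL in var1 (include-truncation trick of the PHP 4 era)
    '198.51.100.7 - - [01/Dec/2005:10:16:51 +0000] "GET /phpAlbum/main.php?cmd=album&var1=..%2F..%2F..%2Fetc%2Fpasswd%00 HTTP/1.0" 200 1453',
    # double URL-encoded traversal, aimed at a filter that decodes only once
    '203.0.113.9 - - [01/Dec/2005:10:20:00 +0000] "GET /phpAlbum/main.php?var1=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1453',
    # ".." inside a name, not a whole segment: must not fire
    '192.0.2.10 - - [01/Dec/2005:10:21:13 +0000] "GET /phpAlbum/main.php?cmd=album&var1=my..photos HTTP/1.0" 200 3980',
    # same payload against a different script: out of scope for this rule
    '203.0.113.9 - - [01/Dec/2005:10:22:05 +0000] "GET /other/index.php?cmd=../ HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for a in scan(SAMPLE_LOG):
        print(f'{a["ts"]} {a["ip"]} HTTP {a["status"]} {a["target"]} -> {a["params"]}')
```

Three of the six constructed lines fire; the benign view, the "my..photos" name and the request to a different script do not. A 200 on a flagged request is the stronger signal (the file was likely served); a run of 404s from one source is probing. The rule keys only on the two parameters the advisory names, so the 2011 cmd=phpinfo issue in the later Exploit-DB entry is a different bug and is not covered by it.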
Exploit-DB, 2011-10-29: CVE-2011-4807 PHP Photo Album 0.4.1.16 - Multiple Disclosure Vulnerabilities (a later issue in the same product, not the 2005 traversal)
---
PHP Photo Album cmd=phpinfo
127 : )
Proof of Concept:
~ PoC : http://localhost/phpAlbum/main.php?cmd=phpinfo
~ PoC : http://localhost/demo3/main.php?keyword=hack&cmd=phpinfo
~ PoC 2 http://localhost/main.php?cmd=setquality&var1=[PHP Code Injection]
[-] Disclosure timeline:
[12/10/2011] - Vulnerabilities discovered
[14/10/2011] - Others vulnerabilities discovered
[15/10/2011] - Issues reported to http://black-hg.org
[29/10/2011] - Public disclosure
# Greets To :
Net.Edit0r ~ A.Cr0x ~ 3H34N ~ 4m!n ~ Cyrus ~ tHe.k!ll3r ~ 2MzRp ~
ArYaIeIrAn ~ Mikili
cmaxx ~ G3n3Rall ~ Mr.XHat ~ M4hd1 ~ Cru3l.b0y ~ HUrr!c4nE ~ r3v0lter
~ NoL1m1t
s3cure.p0rt ~ THANKS TO ALL Iranian HackerZ ./Persian Gulf
==========================
Exploit-DB, 2005-11-30: CVE-2005-3948 PHP Photo Album 0.2.3/4.1 - Local File Inclusion
---
source: https://www.securityfocus.com/bid/15651/info
phpAlbum is prone to a local file-include vulnerability.
An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserver process.
Note that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the webserver.
phpAlbum 0.2.3 and prior versions are vulnerable.
http://www.example.com/main.php?cmd=../
http://www.example.com/main.php?cmd=album&var1=../
No writeups or analysis indexed.
References:
http://pridels0.blogspot.com/2005/11/phpalbum-local-file-include-vuln.html
http://www.osvdb.org/21410
http://www.phpalbum.net/dw
http://www.securityfocus.com/bid/15651