Fullrevolution Aspwebalbum vulnerabilities
3 known vulnerabilities affecting fullrevolution/aspwebalbum.
Total CVEs
3
CISA KEV
0
Public exploits
3
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2008-6978P3MEDIUMCVSS 6.8PoCv3.22009-08-19
CVE-2008-6978 [MEDIUM] CWE-20 CVE-2008-6978: Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.
nvd
CVE-2004-1553P3HIGHCVSS 7.5PoCv3.22004-12-31
CVE-2004-1553 [HIGH] CWE-89 CVE-2004-1553: SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statemen
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable
nvd
CVE-2008-6977P4MEDIUMCVSS 4.3PoCv3.22009-08-19
CVE-2008-6977 [MEDIUM] CWE-79 CVE-2008-6977: Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remo
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
nvd