Vulnerabilities > CVE-2006-6068 - Directory Traversal vulnerability in mAlbum

047910
CVSS 2.6 - LOW
Attack vector
NETWORK
Attack complexity
HIGH
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
high complexity
malbum

Summary

Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php. Successful exploitation requires that "magic_quotes_gpc" in php.ini is disabled.

Vulnerable Configurations

Part Description Count
Application
Malbum
1