Vulnerabilities > CVE-2006-6068 - Directory Traversal vulnerability in mAlbum
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php. Successful exploitation requires that "magic_quotes_gpc" in php.ini is disabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |