CVE-2006-1480

Name of the Vulnerable Software and Affected Versions: WebAlbum version 2.02

Description: The issue allows remote attackers to include arbitrary files and execute commands. This is achieved by injecting code into local log files via GET commands, and then accessing the log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.

Recommendations: For WebAlbum version 2.02, consider restricting access to the start.php file until a patch is available. As a temporary workaround, avoid using the skin2 COOKIE parameter with a .. (dot dot) sequence and a trailing null (%00) byte to minimize the risk of exploitation.