CVE-2006-6068

Name of the Vulnerable Software and Affected Versions mAlbum versions 0.3 and earlier

Description A directory traversal issue exists in the cached album function, allowing remote attackers to list filenames of arbitrary images by providing a .. (dot dot) in the gal parameter to the "index.php" endpoint.

Recommendations For mAlbum versions 0.3 and earlier, consider restricting access to the vulnerable cached album function in functions.php until a patch is available. Avoid using the gal parameter in the "index.php" endpoint with untrusted input to minimize the risk of exploitation.