CVE-2000-0872

Name of the Vulnerable Software and Affected Versions PhotoAlbum version 0.9.9

Description The issue allows remote attackers to read arbitrary files via a .. (dot dot) attack, which is a path traversal attack that exploits the ability to access parent directories using the ../ notation. This can potentially lead to unauthorized access to sensitive files.

Recommendations For PhotoAlbum version 0.9.9, consider restricting access to the explorer.php file until a patch is available, or apply a configuration change to prevent path traversal attacks, such as properly sanitizing user input to prevent the use of ../ in file paths.