CVE-2000-0902

Name of the Vulnerable Software and Affected Versions PhotoAlbum versions prior to 0.9.9

Description The issue allows remote attackers to read arbitrary files via a .. (dot dot) attack, which is a path traversal attack that exploits the ability to access parent directories by using the ../ notation in a URL or file path. This can potentially lead to unauthorized access to sensitive files on the server.

Recommendations For versions prior to 0.9.9, update to version 0.9.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the getalbum.php file until a patch is available.