PT-2006-2830 · Php · Phpalbum

Published 2006-04-19 · Updated 2018-10-18 · CVE-2006-1839

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP Album version 0.3.2.3

Description

The issue allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter when register_globals is enabled. An FTP URL in data_dir satisfies the file_exists() function call, which can lead to remote file inclusion.

Recommendations

For PHP Album version 0.3.2.3, consider disabling the register_globals setting to prevent exploitation. Additionally, restrict access to the language.php file to minimize the risk of arbitrary code execution. Avoid using FTP URLs in the data_dir parameter until the issue is resolved.
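
A log check for the request pattern described above, as an added example that is not part of the original advisory or of PHP Album's code: it flags access-log requests to language.php whose data_dir query value starts with a URL scheme instead of a local path. The log lines, paths, host names and the `foo` parameter are constructed, and the common/combined log format is an assumption; values sent by POST or cookie do not appear in access logs and are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme (ftp://, http://, ...) instead of a local path.
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)

def remote_data_dir(log_line):
    """Return the decoded data_dir value if the line is a request to
    language.php carrying a URL-style data_dir, otherwise None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group("target"))
    if "language.php" not in target.path.lower().split("/"):
        return None
    # parse_qsl percent-decodes names and values once, as PHP does.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        if name == "data_dir" and SCHEME_RE.match(value):
            return value
    return None

def scan(lines):
    """Return (line_number, data_dir_value) for every flagged line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = remote_data_dir(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log lines (not from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Apr/2006:10:00:01 +0000] "GET /album/language.php?data_dir=data/ HTTP/1.1" 200 512',
    '192.0.2.44 - - [19/Apr/2006:10:02:17 +0000] "GET /album/language.php?data_dir=ftp%3A%2F%2Fftp.example.invalid%2Fpub%2F HTTP/1.1" 200 97',
    '192.0.2.44 - - [19/Apr/2006:10:02:30 +0000] "GET /album/language.php?foo=1&data_dir=FTP://ftp.example.invalid/pub/ HTTP/1.0" 200 97',
    '192.0.2.51 - - [19/Apr/2006:10:05:00 +0000] "GET /album/index.php?data_dir=ftp://ftp.example.invalid/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: language.php requested with data_dir={value!r}")
```

On a correctly configured site any hit is worth triage, since a legitimate request has no reason to supply data_dir at all.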

Exploit

Fix


Related identifiers

CVE-2006-1839

Affected products

Phpalbum