PT-2006-6042 · Unknown · Album Photo Sans Nom

Darkfig

Published

2006-10-17

Updated

2018-10-17

CVE-2006-5320

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Album Photo Sans Nom version 1.6

Description A directory traversal issue exists, allowing remote attackers to read arbitrary files. This is achieved via the img parameter in the "getimg.php" file.

Recommendations For Album Photo Sans Nom version 1.6, consider restricting access to the "getimg.php" file until a patch is available. As a temporary workaround, avoid using the img parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5320

Affected Products

Album Photo Sans Nom

PT-2006-6042 · Unknown · Album Photo Sans Nom

CVE-2006-5320

Related Identifiers

Affected Products

References · 10