CVE-2006-6613

Name of the Vulnerable Software and Affected Versions phpAlbum versions 0.4.1 Beta 6 and earlier

Description The issue allows remote attackers to include and execute arbitrary local files or obtain sensitive information. This is achieved by exploiting a directory traversal vulnerability in the language.php file when magic quotes gpc is disabled and register globals is enabled. Attackers can inject PHP sequences into an Apache HTTP Server log file, which is then included by language.php, by using a .. (dot dot) in the pa lang[include file] parameter.

Recommendations For phpAlbum versions 0.4.1 Beta 6 and earlier, consider disabling the register globals setting and enabling magic quotes gpc to mitigate the risk of exploitation. Additionally, restrict access to sensitive files and directories to prevent unauthorized inclusion and execution. As a temporary workaround, consider restricting the use of the pa lang[include file] parameter in the language.php file until a patch is available.