PT-2007-2850 · Php · Php Photo Album

Published: 2007-03-14 · Updated: 2024-08-07 · CVE-2007-1456

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP Photo Album versions prior to 0.3.2.6

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the db file parameter in the common.php file. It is noted that versions 0.3.2.6 and 0.4.1beta do not contain this file, which may indicate the original researcher was referring to a different product.

Recommendations

For PHP Photo Album versions prior to 0.3.2.6, consider updating to a version that does not contain the vulnerable common.php file or apply configuration changes to restrict access to the db file parameter. As a temporary workaround, consider disabling the common.php file until a patch is available.

Fix

Related Identifiers

CVE-2007-1456

Affected Products

Php Photo Album