CVE-2011-4807

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2011-4807
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://www.exploit-db.com/exploits/18045 Exploit
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:phpalbum:phpalbum:0.4.1.15:*:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.4.1-14:fix05:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.4.1-14:fix02:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.3.1:fix01:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.4.1.14:*:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:*:*:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.4.1-14:fix01:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.3.1:fix02:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.4.1-14:fix03:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.4.1-14:*:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.4.1-14:fix06:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:phpalbum:phpalbum:0.3.2:*:*:*:*:*:*:*
Information

Published : 2011-12-13 16:55

Updated : 2012-02-09 21:00

NVD link : CVE-2011-4807

Mitre link : CVE-2011-4807

JSON object : View

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Advertisement

dedicated server usa
Products Affected

phpalbum

  • phpalbum