Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Nathan Purciful phpPhotoAlbum目录遍历漏洞
Vulnerability Description
phpPhotoAlbum 0.9.9所带的explorer.php存在一个目录遍历漏洞。 如果提交的链接中"folder"变量包含"../"字符串,远程用户就可能获取任何文件(以Web Server运行身份)的内容,也可以浏览有访问权限的目录。 比phpPhotoAlbum 0.9.9更老的版本中的另外一个程序getalbum.php也存在同样的问题,有问题的变量是"album"。
CVSS Information
N/A
Vulnerability Type
N/A