[] NeoSense
E X P L O I T S
title author type platform port cve id

PHP Photo Album 0.2.3/4.1 - Local File Inclusion

Author: r0t3d3Vil
type: webapps
platform: php
port: nan
date_added: 2005-11-30 
date_updated: 2016-10-27 
verified: 1 
codes: CVE-2005-3948;OSVDB-21410 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/15651/info

phpAlbum is prone to a local file-include vulnerability.

An attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the webserver process.

Note that this issue may also be leveraged to read arbitrary files on an affected computer with the privileges of the webserver.

phpAlbum 0.2.3 and prior versions are vulnerable.

http://www.example.com/main.php?cmd=../
http://www.example.com/main.php?cmd=album&var1=../
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.