CyberSec.Space Logo
CVEブラウザに戻る

CVE-2006-6068

LOW
2.6
CVSS Severity Score
EPSS Score0.0670%
EPSS Percentile9.72th
Published2006年11月22日
Last Modified2026年4月23日

Vulnerability Description

Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php.

Affected Platforms (CPE)

📦
Malbum

Malbum

<= 0.3

References & Advisories

🔗 http://secunia.com/advisories/22990
🔗 http://www.securityfocus.com/archive/1/452169/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/452656/100/0/threaded
🔗 http://www.vupen.com/english/advisories/2006/4641
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/30431
🔗 http://secunia.com/advisories/22990
🔗 http://www.securityfocus.com/archive/1/452169/100/0/threaded
🔗 http://www.securityfocus.com/archive/1/452656/100/0/threaded

関連する脆弱性情報

CVE-2007-104510.0

mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote atta...

CVE-2006-60695.0

index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter.

CVE-2006-610210.0

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X ser...

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...