CVE-2006-5865

Properties

Published:
09.11.2006
Updated:
30.03.2007
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product:
Damien Benier: MyAlbum

Vulnerability description

PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter.

References:

http://www.milw0rm.com/exploits/2747: http://www.milw0rm.com/exploits/2747
FRSIRT: http://www.frsirt.com/english/advisories/2006/4427
SECUNIA: http://secunia.com/advisories/22619
XF: http://xforce.iss.net/xforce/xfdb/30169
OSVDB: http://www.osvdb.org/30280
BUGTRAQ: http://www.securityfocus.com/archive/1/452140
MILW0RM: http://milw0rm.com/exploits/2747
BID: http://www.securityfocus.com/bid/21187