RSS   Vulnerabilities for 'Malbum'   RSS

2007-02-21
 
CVE-2007-1045

CWE-264
 

 
mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.

 
2006-11-21
 
CVE-2006-6069

CWE-Other
 

 
index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter.

 
 
CVE-2006-6068

CWE-Other
 

 
Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php.

 


Copyright 2022, cxsecurity.com

 

Back to Top