RSS   Vulnerabilities for 'Ezwebalbum'   RSS

2008-07-24
 
CVE-2008-3293

CWE-22
 

 
Directory traversal vulnerability in download.php in EZWebAlbum allows remote attackers to read arbitrary files via the dlfilename parameter.

 
 
CVE-2008-3292

CWE-287
 

 
constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass authentication and gain administrator privileges by setting the photoalbumadmin cookie, as demonstrated via addpage.php.

 


Copyright 2024, cxsecurity.com

 

Back to Top