|
CVE Reference: CVE-2006-1480
|
|
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.
|
|
Original Page at CVE MITRE:
CVE-2006-1480
|
|
Description:
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.
|
|
CVE Status:
Candidate
|
|
References:
XF
http://xforce.iss.net/xforce/xfdb/25443
SAID
Secunia Advisory: SA19400
OSVDB
24160
MISC
http://milw0rm.com/exploits/1608
BID
17228
|
|
|
Return to the previous page.
|
