CVE-2006-5320

Directory traversal vulnerability in getimg.php in Album Photo Sans Nom 1.6 allows remote attackers to read arbitrary files via the img parameter.

Score5.0
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactNONE
Availability ImpactNONE
Published2006-10-17 01:07:00.000-04
Last Modified2018-10-17 05:42:10.000-04

Vulnerable Software List

VendorProductVersions
Morian Album Photo Sans Nom 1.6

References

SourceLink
MISChttp://acid-root.new.fr/poc/13061007.txt
VIM20061220 Provable vendor ACK for Album Photo Sans Nom traversal issue
BUGTRAQ20061007 7 php scripts File Inclusion / Source disclosure Vuln
BID20441
VUPENADV-2006-4008
XFalbum-photo-getimg-file-include(29473)
EXPLOIT-DB2507