Exploitation Summary
EIP tracks 1 public exploit for CVE-2000-0872. PoCs published by pestilence.
AI-analyzed exploit summary The exploit describes a directory traversal vulnerability in phpPhotoAlbum 0.9.9 via the 'folder' parameter in explorer.php, allowing unauthorized read access to files and directories.
Description
explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by pestilence · textwebappsphp
https://www.exploit-db.com/exploits/20208
The exploit describes a directory traversal vulnerability in phpPhotoAlbum 0.9.9 via the 'folder' parameter in explorer.php, allowing unauthorized read access to files and directories.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
phpPhotoAlbum 0.9.9
No auth needed
Prerequisites:
Access to the target web server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1650
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5198
Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-09/0015.html
Scores
EPSS
0.0749
EPSS Percentile
93.7%
Details
Status
published
Products (1)
nathan_purciful/phpphotoalbum
0.9.9
Published
Nov 14, 2000
Tracked Since
Feb 18, 2026