Description
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.
Exploits (3)
exploitdb
WRITEUP
VERIFIED
by Morocco Security Team · text · webapps · php
https://www.exploit-db.com/exploits/27864
exploitdb
WRITEUP
VERIFIED
by Morocco Security Team · text · webapps · php
https://www.exploit-db.com/exploits/27865
exploitdb
WRITEUP
VERIFIED
by Morocco Security Team · text · webapps · php
https://www.exploit-db.com/exploits/27866
References (9)
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/17967
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1806
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25499
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26426
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25497
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/25498
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20095
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/433936/100/0/threaded
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/906
Scores
EPSS: 0.0104
EPSS Percentile: 77.6%
Details
Status: published
Products (2): gphotos/gphotos 1.4, gphotos/gphotos 1.5
Published: May 16, 2006
Tracked Since: Feb 18, 2026