CVE-2011-4806
phpAlbum < 0.4.1.16 - Cross-Site Scripting via var1 or keyword Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-4806. PoCs published by BHG Security Center.
AI-analyzed exploit summary
This is a writeup detailing multiple vulnerabilities in PHP Photo Album <= 0.4.1.16, including XSS, local file disclosure, and PHP code injection. It provides proof-of-concept URLs but does not include executable exploit code.
Description
Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.
Exploits (1)
This is a writeup detailing multiple vulnerabilities in PHP Photo Album <= 0.4.1.16, including XSS, local file disclosure, and PHP code injection. It provides proof-of-concept URLs but does not include executable exploit code.