CVE-2011-4807

Phpalbum < 0.4.1.16 - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by BHG Security Center · textwebappsphp

https://www.exploit-db.com/exploits/18045

View Code ZIP pw:eip

References (1)

Core 1

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18045

Scores

EPSS 0.0294

EPSS Percentile 86.5%

Details

CWE

CWE-22

Status published

Products (11)

phpalbum/phpalbum 0.2.1

phpalbum/phpalbum 0.2.2

phpalbum/phpalbum 0.2.3

phpalbum/phpalbum 0.2.4

phpalbum/phpalbum 0.3.0

phpalbum/phpalbum 0.3.1 (3 CPE variants)

phpalbum/phpalbum 0.3.2

phpalbum/phpalbum 0.4.1-14 (6 CPE variants)

phpalbum/phpalbum 0.4.1.14

phpalbum/phpalbum 0.4.1.15

... and 1 more

Published Dec 14, 2011

Tracked Since Feb 18, 2026