EIP-2026-110645

This exploit targets a file inclusion vulnerability in PHP Album <= 0.3.2.3, leveraging uninitialized variables and specific PHP configurations (magic_quotes_gpc=Off, register_globals=On) to execute arbitrary commands. It injects PHP code into log files and includes them via the vulnerable 'data_dir' parameter.