Vulnerabilities (CVE)

Filtered by vendor Phpalbum Subscribe
Filtered by product Phpalbum
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2011-4807 1 Phpalbum 1 Phpalbum 2024-11-21 5.0 MEDIUM N/A
Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the var1 parameter.
CVE-2011-4806 1 Phpalbum 1 Phpalbum 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in main.php in phpAlbum 0.4.1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) var1 and (2) keyword parameters.
CVE-2011-3770 1 Phpalbum 1 Phpalbum 2024-11-21 5.0 MEDIUM N/A
phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by themes/Flowing_Dark/parameters.tpl.php and certain other files.