WEBalbum skin2 parameter file include
| webalbum-skin2-parameter-file-include (25443) |  Medium Risk |
Description:
WEBalbum could allow a remote attacker to include malicious files. If magic_quotes_gpc is disabled, a remote attacker could send a specially-crafted URL request using the skin2 cookie parameter to specify a malicious file from the local system, which could allow the attacker to execute arbitrary code on the vulnerable system.
Consequences:
Gain Access
Remedy:
No remedy available as of February 6, 2010.
References:
- WebalbuM Web site: WEBalbum.
- BID-17228: WEBalbum Remote Command Execution Vulnerability
- CVE-2006-1480: Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.
- OSVDB ID: 24160: WEBalbum Cookie skin2 Parameter Traversal Local File Inclusion
- SA19400: WEBalbum Local File Inclusion Vulnerability
- VUPEN/ADV-2006-1108: WEBalbum skin2 Cookie Parameter Handling Local File Inclusion Vulnerability
Platforms Affected:
- WEBalbum WEBalbum 2.02
Reported:
Mar 25, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net