PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.
References
Configurations
History
No history.
Information
Published : 2006-04-19 16:06
Updated : 2024-02-04 16:52
NVD link : CVE-2006-1839
Mitre link : CVE-2006-1839
CVE.ORG link : CVE-2006-1839
JSON object : View
Products Affected
php_album
- php_album
CWE