CVE-2005-3948 Information

Description

Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters.

Reference

http://pridels0.blogspot.com/2005/11/phpalbum-local-file-include-vuln.html http://www.osvdb.org/21410 http://www.phpalbum.net/dw http://www.securityfocus.com/bid/15651