
TUCoPS :: Web :: Apps :: albumpl.txt vuln

AresU Advisory
04/27/2003 Vulnerability

Severity : High (CGI Remote Command Execution)
Systems Affected: up to v6.1
Vendor URL: <>
Vuln Type : CGI Remote Command Execution
Status : Vendor contacted, new fixed version available
Author : AresU
Greetz to : Mike B., Bosen, Tioeuy, syzwz, Heltz, eF73, SakitJiwa, nimdA, Br0374l, FreshFirst, Algorithm
All 1ndonesian Security Team (1st)

======= is a popular web photo album application that allows you to simply drop new photo files into a directory, and they will automatically be accessible via the web.
Any user can execute commands with the web server's privileges (normally nobody) when an alternate configuration file is used.

Upgrade to a newer version (at least 6.2)

Vulnerability discovery and advisory by AresU

Vendor Response
Vendor has been contacted and new fixed version is available.

Exploit Code
I have refrained from publishing a more functional exploit at this time, 
to delay attacks against installations.

