PHP Photo Album < 2.0.14 Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 2821
SynopsisThe remote web server contains a script that is vulnerable to a SQL injection attack.
DescriptionThe remote host is running Photo Album, a phpBB module that enables users to easily share photo albums via the internet. This version of Photo Album is vulnerable to a SQL injection attack within the 'mode' parameter of the album_search.php script. An attacker exploiting this flaw would send a malformed query to the album_search.php script which, when processed, would give the attacker the ability to read and/or modify data. In addition, the attacker may be able to execute arbitrary code. Photo Album is also vulnerable to a Cross-Site Scripting (XSS) attack within the 'sid' parameter of the album_cat.php and album_comment.php scripts. An attacker exploiting this flaw would need to convince a user to browse to a malicious URI. Successful exploitation would result in attacker code running within the victim browser possibly resulting in the loss of confidential data (such as cookies).
SolutionUpgrade to version 2.0.14 or higher.