CVE-2007-1456
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/03/2007
Last modified:
09/04/2025
Description
PHP remote file inclusion vulnerability in common.php in PHP Photo Album allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability, because versions 0.3.2.6 and 0.4.1beta do not contain this file. However, it is possible that the original researcher was referring to a different product
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:phpalbum.net:phpalbum:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://securityreason.com/securityalert/2422
- http://www.attrition.org/pipermail/vim/2007-March/001432.html
- http://www.securityfocus.com/archive/1/462559/100/0/threaded
- http://www.securityfocus.com/archive/1/462802/100/0/threaded
- http://securityreason.com/securityalert/2422
- http://www.attrition.org/pipermail/vim/2007-March/001432.html
- http://www.securityfocus.com/archive/1/462559/100/0/threaded
- http://www.securityfocus.com/archive/1/462802/100/0/threaded