MalbumCVEs & Vulnerabilities
3 CVEs affecting Malbum products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
3 CVEs→ All vendors
Most Affected Products
malbum 3
CVE-2007-1045CRITICAL
mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.
21 Feb 2007
10.0
CVSS
CVE-2006-6068LOW
Directory traversal vulnerability in the cached_album function in functions.php for mAlbum 0.3 and earlier allows remote attackers to list filenames of arbitrary images via a .. (dot dot) in the gal parameter to index.php.
22 Nov 2006
2.6
CVSS
CVE-2006-6069MEDIUM
index.php in mAlbum 0.3 and earlier allows remote attackers to obtain the installation path via an invalid gal parameter.
22 Nov 2006
5.0
CVSS
← PrevPage 1 / 1Next →