漏洞描述
Album Photo Sans Nom 1.6的getimg.php中存在目录遍历漏洞,远程攻击者可以通过img参数来读取任意文件。
Album Photo Sans Nom 'getimg.php'目录遍历漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2022-0873: WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting
- POC CVE-2024-30194: Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting
- POC CVE-2024-43971: Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting
- (CVE-2025-12593)code-projects Simple Online Hotel Reservation System 2.0 Photo Handler组件任意文件上传漏洞
- QNAP Systems Photo Station 跨站脚本漏洞
- CVE-2019-7192: QNAP PhotoStation Unauthorizated File Read
- POC CVE-2009-3318: Joomla! Roland Breedveld Album 1.14 - Local File Inclusion
- POC CVE-2009-4202: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
- POC CVE-2010-1461: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
- POC CVE-2015-4414: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
- POC CVE-2016-1000143: WordPress Photoxhibit 2.1.8 - Cross-Site Scripting
- POC CVE-2019-15829: Gallery Photoblocks < 1.1.43 - Cross-Site Scripting
- POC CVE-2019-7192: QNAP QTS and Photo Station 6.0.3 - Remote Command Execution