COMMAND

    PhotoAlbum

SYSTEMS AFFECTED

    PhotoAlbum 0.9.9 explorer.php

PROBLEM

    Kostas Petrakis, aka Pestilence, found the following.  Any user is
    able to pass a directory path in the request to the script; the
    script will read that directory and list every file in it that the
    web server has read access to.  For instance:

        http://www.phpphotoalbum.com/products/phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/

    will reveal all the files located in the specified directory.

    Previous versions are affected too, but through another script.  If
    the web document directory has not been chrooted, a user can read
    files with the privileges of the user running the web server.  For
    versions older than 0.9.9...

        http://www.siteaffected.com/phpPhotoAlbum/getalbum.php?album=../../../etc/

    will list the /etc directory.
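
    The flaw above is a missing containment check on the user-supplied
    path.  The Python below is an added example, not code from PhotoAlbum
    or from this advisory: it shows the check an explorer.php-style
    script should make (canonicalise the requested folder and refuse
    anything that resolves outside the album root), and a scan of
    constructed web-server log lines that flags requests carrying
    traversal in the folder= or album= parameters.  The album root, the
    sample log lines and the function names are all assumptions.

```python
import os
import posixpath
import re
import tempfile
from urllib.parse import parse_qs, unquote, urlsplit

# --- Mitigation: confine a user-supplied folder name to the album root --------

def safe_list_folder(album_root, requested):
    """List `requested` relative to album_root, refusing anything whose
    canonical path leaves the root (the check the vulnerable script lacks)."""
    root = os.path.realpath(album_root)
    # realpath collapses ../ segments and resolves symlinks before the check,
    # so "../../etc" and an absolute "/etc" both land outside root
    target = os.path.realpath(os.path.join(root, requested))
    if target != root and not target.startswith(root + os.sep):
        raise ValueError("folder escapes album root: %r" % requested)
    if not os.path.isdir(target):
        raise ValueError("not a directory: %r" % requested)
    return sorted(os.listdir(target))

def demo_listing():
    """Build a constructed album tree in a temp dir and exercise the check."""
    root = tempfile.mkdtemp()  # hypothetical album root, created for the demo
    os.mkdir(os.path.join(root, "vacation"))
    open(os.path.join(root, "vacation", "beach.jpg"), "w").close()
    results = {"vacation": safe_list_folder(root, "vacation")}
    for bad in ("../../../../../../../etc/", "/etc", "vacation/../../"):
        try:
            safe_list_folder(root, bad)
            results[bad] = "allowed"
        except ValueError:
            results[bad] = "rejected"
    return results

# --- Detection: flag traversal in folder= / album= parameters in access logs --

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
WATCHED_PARAMS = ("folder", "album")

def is_traversal_attempt(value):
    """True if the (possibly multiply URL-encoded) value normalises to a path
    that starts above or outside the script's album directory."""
    for _ in range(3):  # unwrap double/triple encoding such as %252e%252e
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    norm = posixpath.normpath(value)
    return norm == ".." or norm.startswith("../") or norm.startswith("/")

def flag_log_lines(lines):
    """Return (client_ip, param, value) for each request carrying traversal."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        params = parse_qs(urlsplit(m.group(1)).query)  # parse_qs URL-decodes once
        for name in WATCHED_PARAMS:
            for value in params.get(name, []):
                if is_traversal_attempt(value):
                    hits.append((line.split()[0], name, value))
    return hits

# Constructed Apache common-log lines; IPs are RFC 5737 documentation addresses
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2000:13:55:36 -0700] "GET /phpPhotoAlbum/explorer.php?folder=../../../../../../../etc/ HTTP/1.0" 200 2326',
    '198.51.100.7 - - [10/Oct/2000:13:56:01 -0700] "GET /phpPhotoAlbum/explorer.php?folder=vacation HTTP/1.0" 200 1202',
    '198.51.100.7 - - [10/Oct/2000:13:57:10 -0700] "GET /phpPhotoAlbum/getalbum.php?album=%2e%2e%2f%2e%2e%2fetc%2f HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    print(demo_listing())
    for hit in flag_log_lines(SAMPLE_LOG):
        print("traversal attempt from %s via %s=%s" % hit)
```

    The containment check compares canonical paths rather than looking
    for ".." in the string, so absolute paths, symlinks and mixed
    encodings are all judged by where they actually resolve; the log
    scan is the cheaper, string-level heuristic suited to spotting the
    requests shown in this advisory after the fact.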

SOLUTION

    Nothing yet.