HTTP: 4nAlbum PHP-Nuke Module displaycategory.php Remote File Inclusion

This signature detects attempts to exploit a known vulnerability against WarpSpeed 4nAlbum. A successful attack can lead to arbitrary code execution.

Extended Description

It has been reported that 4nAlbum is prone to multiple vulnerabilities. These issues are primarily due to a failure of the module to validate user input. There is an information disclosure issue with the 'displaycategory.php' script. There is a remote file inclusion vulnerability in the 'displaycategory.php' script. A cross-site scripting vulnerability in the 'nmimage.php' script has also been reported. Finally an SQL injection vulnerability has been reported. This issue may be leveraged through the 'modules.php' script of phpNuke while requesting the 'index' file of the 4nAlbum module. This issue has been reported to affect version 0.92 of the software. It is quite likely that other versions are affected as well.

Affected Products

Warpspeed 4nalbum_module

Short Name
HTTP:PHP:PHPNUKE:4NALBUM-INC
Severity
Major
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
4nAlbum CVE-2004-1820 File Inclusion Module PHP-Nuke Remote bid:9881 displaycategory.php
Release Date
01/17/2007
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Warpspeed

CVSS Score

7.5

Found a potential security threat?