Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: attack

Atomic Photo Album apa_module_basedir Variable File Include Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Checks for apa_module_basedir variable file include vulnerability in Atomic Photo Album

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is vulnerable to a
remote file inclusion attack.

Description :

The remote host is running Atomic Photo Album, a free, PHP-based photo

The installed version of Atomic Photo Album allows remote attackers to
control the 'apa_module_basedir' variable used when including PHP code
in the '' script. By leveraging this flaw, an
attacker may be able to view arbitrary files on the remote host and
execute arbitrary PHP code, possibly taken from third-party hosts.

See also :

Solution :

Ensure that PHP's 'magic_quotes_gpc' setting is enabled and
that 'allow_url_fopen' is disabled.

Threat Level:

High / CVSS Base Score : 7
