The remote web server contains a PHP application that is affected by a local file include vulnerability. Description : The remote host is running WEBalbum, a photo album application written in PHP. The installed version of WEBalbum fails to sanitize user input to the 'skin2' cookie in 'inc/inc_main.php' before using it to include arbitrary files. An unauthenticated attacker may be able to read arbitrary local files or include a local file that contains commands which will be executed on the remote host subject to the privileges of the web server process. This flaw is only exploitable if PHP's 'magic_quotes_gpc' is disabled.

Unknown at this time.