GPhotos is "a PHP based photo gallery". The GPhotos product has been found to contain multiple vulnerabilities allowing attacker to disclose sensitive information on directories and files residing on the remote system as well as allow attackers to insert arbitrary HTML and/or JavaScript.
Credit:
The information has been provided by tux025.
Cross Site Scripting:
User provided input passed to the "rep" parameter in "index.php" and "diapo.php", and the "image" parameter in "affich.php" allows remote attackers to include arbitrary content into the web page returned by the server.
Directory Traversal:
User provided input passed to the "rep" parameter in "index.php" allows remote attackers to access files and directories that reside outside the web server's default path by utilizing a simple "../" attack.
