4nAlbum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the displaycategory.php script not properly sanitizing input to the "basepath" variable. An attacker may use this to include an arbitrary file from a remote server which will be processed and any commands executed.
Remote / Network Access
Loss of Integrity
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.