CVE-2006-4990
published 2006-09-26CVE-2006-4990: Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1)…
PriorityP337high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.56%
83.1th percentile
Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| photopost | photopost_php_pro | — | — |
| photopost | photopost_php_pro | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://securityreason.com/securityalert/1632http://www.osvdb.org/32221http://www.osvdb.org/32222http://www.osvdb.org/32223http://www.osvdb.org/32224http://www.osvdb.org/32225http://www.osvdb.org/32226http://www.osvdb.org/32227http://www.osvdb.org/32228http://www.osvdb.org/32229http://www.osvdb.org/32230http://www.osvdb.org/32231http://www.osvdb.org/32232http://www.osvdb.org/32233http://www.osvdb.org/32234http://www.osvdb.org/32235http://www.osvdb.org/32236http://www.osvdb.org/32237http://www.osvdb.org/32238http://www.osvdb.org/32239http://www.osvdb.org/32240http://www.osvdb.org/32243http://www.osvdb.org/32245http://www.osvdb.org/32246http://www.osvdb.org/32247http://www.osvdb.org/32248http://www.osvdb.org/32249http://www.osvdb.org/32250http://www.osvdb.org/32251http://www.osvdb.org/32252http://www.osvdb.org/32253http://www.securityfocus.com/archive/1/446224/100/0/threadedhttp://securityreason.com/securityalert/1632http://www.osvdb.org/32221http://www.osvdb.org/32222http://www.osvdb.org/32223http://www.osvdb.org/32224http://www.osvdb.org/32225http://www.osvdb.org/32226http://www.osvdb.org/32227http://www.osvdb.org/32228http://www.osvdb.org/32229http://www.osvdb.org/32230http://www.osvdb.org/32231http://www.osvdb.org/32232http://www.osvdb.org/32233http://www.osvdb.org/32234http://www.osvdb.org/32235http://www.osvdb.org/32236http://www.osvdb.org/32237http://www.osvdb.org/32238http://www.osvdb.org/32239http://www.osvdb.org/32240http://www.osvdb.org/32243http://www.osvdb.org/32245http://www.osvdb.org/32246http://www.osvdb.org/32247http://www.osvdb.org/32248http://www.osvdb.org/32249http://www.osvdb.org/32250http://www.osvdb.org/32251http://www.osvdb.org/32252http://www.osvdb.org/32253http://www.securityfocus.com/archive/1/446224/100/0/threaded
2006-09-26
Published