{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4990", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "32240", "refsource": "OSVDB", "url": "http://www.osvdb.org/32240" }, { "name": "32253", "refsource": "OSVDB", "url": "http://www.osvdb.org/32253" }, { "name": "32233", "refsource": "OSVDB", "url": "http://www.osvdb.org/32233" }, { "name": "32247", "refsource": "OSVDB", "url": "http://www.osvdb.org/32247" }, { "name": "32230", "refsource": "OSVDB", "url": "http://www.osvdb.org/32230" }, { "name": "32252", "refsource": "OSVDB", "url": "http://www.osvdb.org/32252" }, { "name": "32245", "refsource": "OSVDB", "url": "http://www.osvdb.org/32245" }, { "name": "32223", "refsource": "OSVDB", "url": "http://www.osvdb.org/32223" }, { "name": "32250", "refsource": "OSVDB", "url": "http://www.osvdb.org/32250" }, { "name": "32227", "refsource": "OSVDB", "url": "http://www.osvdb.org/32227" }, { "name": "32237", "refsource": "OSVDB", "url": "http://www.osvdb.org/32237" }, { "name": "20060918 PhotoPost PHP 4.6 - 4.5 [PP_PATH] >> Remote File Include Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/446224/100/0/threaded" }, { "name": "32222", "refsource": "OSVDB", "url": "http://www.osvdb.org/32222" }, { "name": "32248", "refsource": "OSVDB", "url": "http://www.osvdb.org/32248" }, { "name": "32231", "refsource": "OSVDB", "url": "http://www.osvdb.org/32231" }, { "name": "32246", "refsource": "OSVDB", "url": "http://www.osvdb.org/32246" }, { "name": "32228", "refsource": "OSVDB", "url": "http://www.osvdb.org/32228" }, { "name": "32221", "refsource": "OSVDB", "url": "http://www.osvdb.org/32221" }, { "name": "32232", "refsource": "OSVDB", "url": "http://www.osvdb.org/32232" }, { "name": "32234", "refsource": "OSVDB", "url": "http://www.osvdb.org/32234" }, { "name": "32249", "refsource": "OSVDB", "url": "http://www.osvdb.org/32249" }, { "name": "1632", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1632" }, { "name": "32239", "refsource": "OSVDB", "url": "http://www.osvdb.org/32239" }, { "name": "32235", "refsource": "OSVDB", "url": "http://www.osvdb.org/32235" }, { "name": "32229", "refsource": "OSVDB", "url": "http://www.osvdb.org/32229" }, { "name": "32226", "refsource": "OSVDB", "url": "http://www.osvdb.org/32226" }, { "name": "32236", "refsource": "OSVDB", "url": "http://www.osvdb.org/32236" }, { "name": "32243", "refsource": "OSVDB", "url": "http://www.osvdb.org/32243" }, { "name": "32224", "refsource": "OSVDB", "url": "http://www.osvdb.org/32224" }, { "name": "32251", "refsource": "OSVDB", "url": "http://www.osvdb.org/32251" }, { "name": "32238", "refsource": "OSVDB", "url": "http://www.osvdb.org/32238" }, { "name": "32225", "refsource": "OSVDB", "url": "http://www.osvdb.org/32225" } ] } }