CVE-2006-4828

PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter.

Published: Sep 16, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-4828
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
photopost / photopost_php_pro	4.2	4.2.x
photopost / photopost_php_pro	4.0	4.0.x
photopost / photopost_php_pro	4.1	4.1.x
photopost / photopost_php_pro	4.3	4.3.x
photopost / photopost_php_pro	4.5	4.5.x
photopost / photopost_php_pro	4.6	4.6.x
photopost / photopost_php_pro	4.4	4.4.x

http://securityreason.com/securityalert/1581
http://www.securityfocus.com/archive/1/446031/100/0/threaded
http://www.securityfocus.com/bid/20028
https://exchange.xforce.ibmcloud.com/vulnerabilities/28948

Vulnerability Database

289,871

CVE-2006-4828