Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2395


Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2395
Last Modified 10 Aug 2011 12:00:00
Published 15 May 2006 09:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



PHP remote file inclusion vulnerability in resources/includes/ in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous users have received this update."

Vulnerable Systems


  • Popsoft Digital Popphoto 3.5.4


XF - popphoto-poppconfigloader-file-include(26449)

VUPEN - ADV-2006-1792

BID - 17970


OSVDB - 25524

VIM - 20060615 Disputed vulnerability: Pixaria, PopPhoto (fwd)

SECTRACK - 1016092

SECUNIA - 20087


Last Updated: 27 May 2016 10:42:27