Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2395

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-2395
Last Modified 10 Aug 2011 12:00:00
Published 15 May 2006 09:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2395

Summary

PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous users have received this update."

Vulnerable Systems

Application

  • Popsoft Digital Popphoto 3.5.4


References

XF - popphoto-poppconfigloader-file-include(26449)

VUPEN - ADV-2006-1792

BID - 17970

CONFIRM - http://www.pixaria.com/news/article/35/

OSVDB - 25524

VIM - 20060615 Disputed vulnerability: Pixaria, PopPhoto (fwd)

SECTRACK - 1016092

SECUNIA - 20087

MISC - http://pridels0.blogspot.com/2006/05/popphoto-remote-file-inclusion-vuln.html


Last Updated: 27 May 2016 10:42:27