Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-3075
Last Modified 07 Mar 2011 09:37:47
Published 19 Jun 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3075

Summary

Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php.

Vulnerable Systems

Application

  • PictureDis Photoalbum 4.82

  • PictureDis Professional 1.33 Build 234


References

XF - picturedis-lang-file-include(27183)

VUPEN - ADV-2006-2352

BID - 18471

BUGTRAQ - 20060615 PictureDis Products "lang" Parameter File Inclusion Vulnerability

OSVDB - 26502

OSVDB - 26501

OSVDB - 26500

SECTRACK - 1016279

SECUNIA - 20656


Last Updated: 27 May 2016 10:42:52