Vulnerabilities > CVE-2006-4828 - Remote File Include vulnerability in PhotoPost Pro

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
photopost
exploit available
NVD
Published: 2006-09-15
Updated: 2018-10-17

Summary

PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter.

Vulnerable Configurations

Part Description Count
Application
Photopost
7

Exploit-Db

descriptionPhotoPost <= 4.6 (PP_PATH) Remote File Include Vulnerability. CVE-2006-4828. Webapps exploit for php platform
idEDB-ID:2369
last seen2016-01-31
modified2006-09-15
published2006-09-15
reporterSaudi Hackrz
sourcehttps://www.exploit-db.com/download/2369/
titlePhotoPost <= 4.6 PP_PATH Remote File Include Vulnerability

References