ID CVE-2006-3075
Summary Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php.
References
Vulnerable Configurations
  • cpe:2.3:a:picturedis:picturedis_photoalbum:4.82:*:*:*:*:*:*:*
    cpe:2.3:a:picturedis:picturedis_photoalbum:4.82:*:*:*:*:*:*:*
  • cpe:2.3:a:picturedis:picturedis_professional:1.33_build_234:*:*:*:*:*:*:*
    cpe:2.3:a:picturedis:picturedis_professional:1.33_build_234:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:45)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 18471
bugtraq 20060615 PictureDis Products "lang" Parameter File Inclusion Vulnerability
osvdb
  • 26500
  • 26501
  • 26502
sectrack 1016279
secunia 20656
vupen ADV-2006-2352
xf picturedis-lang-file-include(27183)
Last major update 18-10-2018 - 16:45
Published 19-06-2006 - 10:02
Last modified 18-10-2018 - 16:45
Back to Top