CVE-2006-3075

Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/ including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/20656	Vendor Advisory
http://securitytracker.com/id?1016279
http://www.osvdb.org/26500
http://www.osvdb.org/26501
http://www.osvdb.org/26502
http://www.securityfocus.com/archive/1/437449/100/100/threaded
http://www.securityfocus.com/bid/18471
http://www.vupen.com/english/advisories/2006/2352
https://exchange.xforce.ibmcloud.com/vulnerabilities/27183
http://secunia.com/advisories/20656	Vendor Advisory
http://securitytracker.com/id?1016279
http://www.osvdb.org/26500
http://www.osvdb.org/26501
http://www.osvdb.org/26502
http://www.securityfocus.com/archive/1/437449/100/100/threaded
http://www.securityfocus.com/bid/18471
http://www.vupen.com/english/advisories/2006/2352
https://exchange.xforce.ibmcloud.com/vulnerabilities/27183

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:picturedis:picturedis_photoalbum:4.82:::::::*
	cpe:2.3:a:picturedis:picturedis_professional:1.33_build_234:::::::*

History

21 Nov 2024, 00:12

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/20656 - Vendor Advisory~~	() http://secunia.com/advisories/20656 - Vendor Advisory
References	~~() http://securitytracker.com/id?1016279 -~~	() http://securitytracker.com/id?1016279 -
References	~~() http://www.osvdb.org/26500 -~~	() http://www.osvdb.org/26500 -
References	~~() http://www.osvdb.org/26501 -~~	() http://www.osvdb.org/26501 -
References	~~() http://www.osvdb.org/26502 -~~	() http://www.osvdb.org/26502 -
References	~~() http://www.securityfocus.com/archive/1/437449/100/100/threaded -~~	() http://www.securityfocus.com/archive/1/437449/100/100/threaded -
References	~~() http://www.securityfocus.com/bid/18471 -~~	() http://www.securityfocus.com/bid/18471 -
References	~~() http://www.vupen.com/english/advisories/2006/2352 -~~	() http://www.vupen.com/english/advisories/2006/2352 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/27183 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/27183 -

Information

Published : 2006-06-19 10:02

Updated : 2024-11-21 00:12

NVD link : CVE-2006-3075

Mitre link : CVE-2006-3075

CVE.ORG link : CVE-2006-3075

JSON object : View

Products Affected

picturedis

picturedis_professional
picturedis_photoalbum

CWE

NVD-CWE-Other

7.5 /10