{
  "schema_version": "1.4.0",
  "id": "GHSA-x59m-gx2q-8pjf",
  "modified": "2022-05-01T07:23:52Z",
  "published": "2022-05-01T07:23:52Z",
  "aliases": [
    "CVE-2006-4990"
  ],
  "details": "Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php, (2) adm-admlog.php, (3) adm-approve.php, (4) adm-backup.php, (5) adm-cats.php, (6) adm-cinc.php, (7) adm-db.php, (8) adm-editcfg.php, (9) adm-inc.php, (10) adm-index.php, (11) adm-modcom.php, (12) adm-move.php, (13) adm-options.php, (14) adm-order.php, (15) adm-pa.php, (16) adm-photo.php, (17) adm-purge.php, (18) adm-style.php, (19) adm-templ.php, (20) adm-userg.php, (21) adm-users.php, (22) bulkupload.php, (23) cookies.php, (24) comments.php, (25) ecard.php, (26) editphoto.php, (27) register.php, (28) showgallery.php, (29) showmembers.php, (30) useralbums.php, (31) uploadphoto.php, (32) search.php, or (33) adm-menu.php, different vectors than CVE-2006-4828.",
  "severity": [],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-4990"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/1632"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32221"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32222"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32223"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32224"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32225"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32226"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32227"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32228"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32229"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32230"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32231"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32232"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32233"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32234"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32235"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32236"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32237"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32238"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32239"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32240"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32243"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32245"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32246"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32247"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32248"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32249"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32250"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32251"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32252"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/32253"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/446224/100/0/threaded"
    }
  ],
  "database_specific": {
    "cwe_ids": [],
    "severity": "HIGH",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-09-26T02:07:00Z"
  }
}