CVE-2006-4990 - Homonymic Mediums
Description
Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the PP_PATH parameter in (1) addfav.php (2) adm-admlog.php (3) adm-approve.php (4) adm-backup.php (5) adm-cats.php (6) adm-cinc.php (7) adm-db.php (8) adm-editcfg.php (9) adm-inc.php (10) adm-index.php (11) adm-modcom.php (12) adm-move.php (13) adm-options.php (14) adm-order.php (15) adm-pa.php (16) adm-photo.php (17) adm-purge.php (18) adm-style.php (19) adm-templ.php (20) adm-userg.php (21) adm-users.php (22) bulkupload.php (23) cookies.php (24) comments.php (25) ecard.php (26) editphoto.php (27) register.php (28) showgallery.php (29) showmembers.php (30) useralbums.php (31) uploadphoto.php (32) search.php or (33) adm-menu.php different vectors than CVE-2006-4828.
Reference
http://www.osvdb.org/32234 http://www.osvdb.org/32221 http://www.osvdb.org/32222 http://www.osvdb.org/32223 http://www.osvdb.org/32224 http://www.osvdb.org/32225 http://www.osvdb.org/32226 http://www.osvdb.org/32227 http://www.osvdb.org/32228 http://www.osvdb.org/32229 http://www.osvdb.org/32230 http://www.osvdb.org/32231 http://www.osvdb.org/32232 http://www.osvdb.org/32233 http://www.osvdb.org/32235 http://www.osvdb.org/32236 http://www.osvdb.org/32237 http://www.osvdb.org/32238 http://www.osvdb.org/32239 http://www.osvdb.org/32240 http://www.osvdb.org/32243 http://www.osvdb.org/32245 http://www.osvdb.org/32246 http://www.osvdb.org/32247 http://www.osvdb.org/32248 http://www.osvdb.org/32249 http://www.osvdb.org/32250 http://www.osvdb.org/32251 http://www.osvdb.org/32252 http://www.osvdb.org/32253 http://securityreason.com/securityalert/1632 http://www.securityfocus.com/archive/1/446224/100/0/threaded