CVE-2006-3075 Information

Description

Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to files in photoalbum/, including (1) thumstbl.php, (2) wpfiles.php, and (3) wallpapr.php.

Reference

http://secunia.com/advisories/20656
http://securitytracker.com/id?1016279
http://www.osvdb.org/26500
http://www.osvdb.org/26501
http://www.osvdb.org/26502
http://www.securityfocus.com/archive/1/437449/100/100/threaded
http://www.securityfocus.com/bid/18471
http://www.vupen.com/english/advisories/2006/2352
https://exchange.xforce.ibmcloud.com/vulnerabilities/27183
