VYPR
Unrated severityNVD Advisory· Published May 16, 2006· Updated Jun 16, 2026

CVE-2006-2395

CVE-2006-2395

Description

PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous users have received this update."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:popsoft_digital:popphoto:3.5.4:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:popsoft_digital:popphoto:3.5.4:*:*:*:*:*:*:*
    • (no CPE)range: <=3.5.4

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.