[VIM] Disputed vulnerability: Pixaria, PopPhoto (fwd)
Steven M. Christey
coley at linus.mitre.org
Thu Jun 15 10:51:38 EDT 2006
The following "dispute" is probably more of a clarification, since the
vendor's web site has an announcement that specifically mentions SECUNIA
SA20087 and says a fix is available. My read is: "Pixaria is not the
developer, only the distributor."
See the CVE description afterwards, which quotes from the relevant
---------- Forwarded message ----------
Date: Thu, 15 Jun 2006 09:14:10 +0100
From: Jamie Longstaff
To: cve at mitre.org
Cc: nvd at nist.gov
Subject: Disputed vulnerability: Pixaria, PopPhoto
To whom it may concern,
I wish to dispute the vulnerability listed for PopPhoto for the
1) PopPhoto is NOT a product of Pixaria. It was a product of PopSoft
Digital and is only hosted by Pixaria as a courtesy since it was
withdrawn last year.
2) PopPhoto, the product with the vulnerability, is obsolete and has
not been available to the public for nearly a year.
3) The vulnerability listed was patched by the previous vendor and
all previous users have received this update.
Listing the vulnerability as something associated with Pixaria - my
company - is having a negative effect on my business when it's
nothing to do with me.
PHP remote file inclusion vulnerability in
resources/includes/popp.config.loader.inc.php in PopPhoto Studio 3.5.4
and earlier allows remote attackers to execute arbitrary PHP code via
a URL in the include_path parameter (cfg['popphoto_base_path']
variable). NOTE: the developer of this product is not Pixaria, as
claimed by some sources.