Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2004-1870

Published: 29/03/2004 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and previous versions allow remote malicious users to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.

Vulnerable Product Search on Vulmon Subscribe to Product

photopost photopost php pro 4.0

photopost photopost php pro 3.1

photopost photopost php pro 4.1

photopost photopost php pro 3.3

photopost photopost php pro 4.6

photopost photopost php pro 4.8.1

photopost photopost php pro 3.2

Exploits

Exploit DB: PhotoPost < 4.6 - Multiple Vulnerabilities
PhotoPost Multiple Vulnerabilities Vendor: All Enthusiast, Inc Product: PhotoPost Version: &lt;= 46 Website: wwwphotopostcom/ BID: 9994 CVE: CVE-2004-1870 CVE-2004-1871 OSVDB: 10261 10262 10263 10264 10265 10266 10267 4771 SECUNIA: 11241 Description: PhotoPost was designed to help you give your users exactly what they want Your us ...
Exploit DB: PhotoPost PHP Pro 3.x/4.x - 'showgallery.php' Multiple SQL Injections
source: wwwsecurityfocuscom/bid/9994/info Multiple SQL injection, cross-site scripting and HTML injection vulnerabilities have been identified in the application, which may allow an attacker to execute arbitrary HTML or script code in a user's browser and/or influence SQL query logic to disclose sensitive information and carry out other a ...

References

NVD-CWE-Otherhttp://securitytracker.com/id?1009571http://www.securityfocus.com/bid/9994http://secunia.com/advisories/11241http://marc.info/?l=bugtraq&m=108057790723123&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/15642https://nvd.nist.govhttps://www.exploit-db.com/exploits/43808/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316firmwareCVE-2024-30078CVE-2024-5995remote code executionlogic flawCVE-2024-20693CVE-2024-37315CVE-2024-5464
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook