CVE-2004-1870

Published: 29/03/2004 Updated: 11/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and previous versions allow remote malicious users to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.

Vulnerable Product

photopost photopost php pro 4.0

photopost photopost php pro 3.1

photopost photopost php pro 4.1

photopost photopost php pro 3.3

photopost photopost php pro 4.6

photopost photopost php pro 4.8.1

photopost photopost php pro 3.2

Exploits

PhotoPost Multiple Vulnerabilities
Vendor: All Enthusiast, Inc.
Product: PhotoPost
Version: <= 4.6
Website: www.photopost.com/
BID: 9994
CVE: CVE-2004-1870 CVE-2004-1871
OSVDB: 10261 10262 10263 10264 10265 10266 10267 4771
SECUNIA: 11241
Description: PhotoPost was designed to help you give your users exactly what they want. Your us ...

source: www.securityfocus.com/bid/9994/info
Multiple SQL injection, cross-site scripting and HTML injection vulnerabilities have been identified in the application, which may allow an attacker to execute arbitrary HTML or script code in a user's browser and/or influence SQL query logic to disclose sensitive information and carry out other a ...