Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and previous versions allow remote malicious users to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
photopost photopost php pro 4.0 |
||
photopost photopost php pro 3.1 |
||
photopost photopost php pro 4.1 |
||
photopost photopost php pro 3.3 |
||
photopost photopost php pro 4.6 |
||
photopost photopost php pro 4.8.1 |
||
photopost photopost php pro 3.2 |