Vulnerability Description
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Photopost | PhotoPost PHP Pro | 3.1 |
References
- http://marc.info/?l=bugtraq&m=108057790723123&w=2
- http://secunia.com/advisories/11241 (Vendor Advisory)
- http://securitytracker.com/id?1009571 (Vendor Advisory)
- http://www.securityfocus.com/bid/9994 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15642
FAQ
What is CVE-2004-1870?
CVE-2004-1870 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments...
How severe is CVE-2004-1870?
CVE-2004-1870 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-1870?
Check the references section above for vendor advisories and patch information. Affected products include Photopost PhotoPost PHP Pro.