CVE-2004-0239 - All Enthusiast Photopost PHP Pro SQL Injection Vulnerability

Publication

2004-11-23

Last modification

2017-07-11

Summary

SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.

Risk level (CVSS AV:N/AC:L/Au:N/C:C/I:C/A:C)

High

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Photopost Photopost PHP PRO  4.6 , 4.0 , 3.2 , 3.1 , 4.1 , 3.3