Vulnerabilities > CVE-2004-1870 - Unspecified vulnerability in Photopost PHP PRO

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
photopost
exploit available
NVD
Published: 2004-03-29
Updated: 2024-11-20

Summary

Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.

Vulnerable Configurations

Part Description Count
Application
Photopost
7

Exploit-Db

  • descriptionPhotoPost PHP Pro 3.x/4.x showgallery.php Multiple Parameter SQL Injection. CVE-2004-1870. Webapps exploit for php platform
    idEDB-ID:23885
    last seen2016-02-02
    modified2004-03-29
    published2004-03-29
    reporterJeiAr
    sourcehttps://www.exploit-db.com/download/23885/
    titlePhotoPost PHP Pro 3.x/4.x showgallery.php Multiple Parameter SQL Injection
  • descriptionPhotoPost < 4.6 - Multiple Vulnerabilities. CVE-2004-1870,CVE-2004-1871. Webapps exploit for PHP platform
    idEDB-ID:43808
    last seen2018-01-24
    modified2004-03-28
    published2004-03-28
    reporterExploit-DB
    sourcehttps://www.exploit-db.com/download/43808/
    titlePhotoPost < 4.6 - Multiple Vulnerabilities

References