Vulnerabilities > CVE-2004-1870 - Input Validation vulnerability in All Enthusiast Photopost PHP Pro

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

photopost

exploit available

NVD

Published: 2004-03-29

Updated: 2017-07-11

Summary

Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.

Vulnerable Configurations

Part	Description	Count
Application	Photopost Photopost Photopost PHP PRO 3.1 Photopost Photopost PHP PRO 3.2 Photopost Photopost PHP PRO 3.3 Photopost Photopost PHP PRO 4.0 Photopost Photopost PHP PRO 4.1 Photopost Photopost PHP PRO 4.6 Photopost Photopost PHP PRO 4.8.1	7

Exploit-Db

description	PhotoPost PHP Pro 3.x/4.x showgallery.php Multiple Parameter SQL Injection. CVE-2004-1870. Webapps exploit for php platform
id	EDB-ID:23885
last seen	2016-02-02
modified	2004-03-29
published	2004-03-29
reporter	JeiAr
source	https://www.exploit-db.com/download/23885/
title	PhotoPost PHP Pro 3.x/4.x showgallery.php Multiple Parameter SQL Injection

description	PhotoPost < 4.6 - Multiple Vulnerabilities. CVE-2004-1870,CVE-2004-1871. Webapps exploit for PHP platform
id	EDB-ID:43808
last seen	2018-01-24
modified	2004-03-28
published	2004-03-28
reporter	Exploit-DB
source	https://www.exploit-db.com/download/43808/
title	PhotoPost < 4.6 - Multiple Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

References