Vulnerabilities > CVE-2004-1871 - Input Validation vulnerability in All Enthusiast Photopost PHP Pro

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

photopost

exploit available

NVD

Published: 2004-03-29

Updated: 2017-07-11

Summary

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields.

Vulnerable Configurations

Part	Description	Count
Application	Photopost Photopost Photopost PHP PRO 3.1 Photopost Photopost PHP PRO 3.2 Photopost Photopost PHP PRO 3.3 Photopost Photopost PHP PRO 4.0 Photopost Photopost PHP PRO 4.1 Photopost Photopost PHP PRO 4.6 Photopost Photopost PHP PRO 4.8.1	7

Exploit-Db

description	PhotoPost < 4.6 - Multiple Vulnerabilities. CVE-2004-1870,CVE-2004-1871. Webapps exploit for PHP platform
id	EDB-ID:43808
last seen	2018-01-24
modified	2004-03-28
published	2004-03-28
reporter	Exploit-DB
source	https://www.exploit-db.com/download/43808/
title	PhotoPost < 4.6 - Multiple Vulnerabilities

Summary

Vulnerable Configurations

Exploit-Db

References