Vulnerabilities > CVE-2008-1711 - Cryptographic Issues vulnerability in Terong Advanced web Photo Gallery 1.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
terong
CWE-310
exploit available

Summary

Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

Vulnerable Configurations

Part Description Count
Application
Terong
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Exploit-Db

descriptionPHP Photo Gallery 1.0 (photo_id) SQL Injection Vulnerability. CVE-2008-1711,CVE-2008-1875. Webapps exploit for php platform
fileexploits/php/webapps/5364.txt
idEDB-ID:5364
last seen2016-01-31
modified2008-04-04
platformphp
port
published2008-04-04
reportert0pP8uZz
sourcehttps://www.exploit-db.com/download/5364/
titlePHP Photo Gallery 1.0 photo_id SQL Injection Vulnerability
typewebapps