Vulnerabilities > Photopost
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-05-02 | CVE-2005-0776 | Remote vulnerability in Photopost PHP PRO 5.0Rc3 adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos. | 5.0 |
| 2005-05-02 | CVE-2005-0775 | Remote vulnerability in Photopost PHP PRO 5.0Rc3 The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator. | 7.5 |
| 2005-05-02 | CVE-2005-0273 | Input Validation vulnerability in All Enthusiast PhotoPost Classifieds Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0272 | Remote Security vulnerability in Photopost Reviewpost PHP PRO 1.0.2/2.5 ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions. | 7.5 |
| 2005-05-02 | CVE-2005-0270 | Cross-Site Scripting vulnerability in Photopost Reviewpost PHP PRO 1.0.2/2.5/2.5.1 Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php. network photopost | 4.3 |
| 2005-03-10 | CVE-2005-0774 | Remote vulnerability in Photopost PHP PRO 5.0Rc3 SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter. | 7.5 |
| 2005-01-03 | CVE-2005-0274 | Input Validation vulnerability in All Enthusiast PhotoPost Classifieds Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters. network photopost | 4.3 |
| 2005-01-03 | CVE-2005-0271 | SQL-Injection vulnerability in Photopost Reviewpost PHP PRO 1.0.2/2.5 Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php. | 7.5 |
| 2004-11-23 | CVE-2004-0250 | SQL Injection vulnerability in All Enthusiast Photopost PHP Pro SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php. | 10.0 |
| 2004-11-23 | CVE-2004-0239 | SQL Injection vulnerability in All Enthusiast Photopost PHP Pro SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable. | 10.0 |