CVE-2005-0929

Properties

Published:
01.05.2005
Updated:
27.09.2006
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product:
PhotoPost: PhotoPost PHP Pro

Vulnerability description

SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php.

References:

MISC: http://securitytracker.com/id?1013581
SECUNIA: http://secunia.com/advisories/14742
BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=111205342909640&w=2
BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=111213719017716&w=2
OSVDB: http://www.osvdb.org/15099
OSVDB: http://www.osvdb.org/15100