| VID |
21536 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of PhotoPost older than or equal to 5.0 RC3 was detected running on the host. PhotoPost PHP Pro is a web-based photo gallery program that uses a MySQL database. PhotoPost PHP Pro versions 5.0 RC3 up to but not including 5.0.1 are affected by multiple vulnerabilities, which can be exploited to conduct script insertion and SQL injection attacks, bypass certain security restrictions, and manipulate potentially sensitive information:
1) Input passed to the "uid" parameter isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Unauthenticated users can send an unlimited number of mails to the administrator.
3) An error allows unauthenticated users to manipulate images via the "adm-photo.php" script.
4) Input passed to the "editbio" biography field and certain unspecified URL fields is not properly sanitized before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious user data is viewed.
5) An input validation error causes the contents of uploaded images to not be properly verified. This can be exploited to upload a file containing arbitrary script code (e.g. HTML and JavaScript code), which will be executed in a user's browser session in the context of an affected site when viewed.
* Note: This check relies solely on the version number of the PhotoPost installation on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References:
  http://archives.neohapsis.com/archives/bugtraq/2005-03/0200.html
  http://secunia.com/advisories/14576/
* Platforms Affected: All Enthusiast, Inc.: PhotoPost PHP Pro 5.0 RC3 up to but not including 5.0.1; any operating system, any version |
| Recommendation |
Upgrade to the latest version of PhotoPost PHP Pro (5.0.1 or later), available from the PhotoPost PHP Pro Web site at http://www.photopost.com/ |
| Related URL |
CVE-2005-0774,CVE-2005-0775,CVE-2005-0776,CVE-2005-0777,CVE-2005-0778 (CVE) |
| Related URL |
12779 (SecurityFocus) |
| Related URL |
19675,19676,19677,19678,19679 (ISS) |
|