VID 21537
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The PhotoPost program is vulnerable to multiple input validation vulnerabilities. PhotoPost PHP Pro is a web-based photo gallery program that uses a MySQL database. PhotoPost PHP Pro versions 5.x are vulnerable to multiple input validation vulnerabilities, which can be exploited by remote attackers to conduct cross-site scripting and SQL injection attacks.

1) Input passed to the "password" and "sort" parameters in "showgallery.php" and the "photo" parameter in "slideshow.php" isn't properly sanitized before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
2) Input passed to the "sl" parameter in "showmembers.php" isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
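
Because no fix is available, reviewing web server logs for unexpected values in the affected parameters is a practical interim check. The following is an added example, not part of the original advisory or of PhotoPost: a Python triage script for the script/parameter pairs listed above. The combined log format, the alphanumeric allowlist, and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script/parameter pairs named in the advisory text above.
WATCHED = {
    "showgallery.php": {"password", "sort"},
    "slideshow.php": {"photo"},
    "showmembers.php": {"sl"},
}
# Assumption: legitimate values are short alphanumeric tokens; tune per site.
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.-]{0,64}")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for watched parameters
    whose URL-decoded value falls outside the allowlist."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    hits = []
    # parse_qsl percent-decodes values, so encoded markup is compared decoded.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED.get(script, ()) and not SAFE_VALUE.fullmatch(value):
            hits.append((script, name, value))
    return hits

def triage(lines):
    """Return [(client_ip, hit)] for every flagged parameter in the log."""
    return [(line.split(" ", 1)[0], hit)
            for line in lines for hit in suspicious_params(line)]

# Constructed sample log lines (documentation addresses, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Mar/2005:10:01:02 +0000] "GET /photopost/showgallery.php?cat=500&sort=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [28/Mar/2005:10:03:40 +0000] "GET /photopost/showgallery.php?sort=%22%3E%3Cscript%3E HTTP/1.1" 200 5301',
    '192.0.2.44 - - [28/Mar/2005:10:03:51 +0000] "GET /photopost/showmembers.php?sl=a%27 HTTP/1.1" 200 912',
    '192.0.2.10 - - [28/Mar/2005:10:05:12 +0000] "GET /photopost/slideshow.php?photo=17 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, (script, param, value) in triage(SAMPLE_LOG):
        print(f"{ip} {script} {param}={value!r}")
```

Parameters sent in POST bodies do not appear in access logs, so this only covers values passed in the query string.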

* References:
http://archives.neohapsis.com/archives/bugtraq/2005-03/0477.html
http://secunia.com/advisories/14742/
http://www.osvdb.org/displayvuln.php?osvdb_id=15096
http://www.osvdb.org/displayvuln.php?osvdb_id=15097
http://www.osvdb.org/displayvuln.php?osvdb_id=15098
http://www.osvdb.org/displayvuln.php?osvdb_id=15099
http://www.osvdb.org/displayvuln.php?osvdb_id=15100

* Platforms Affected:
All Enthusiast, Inc., PhotoPost PHP Pro 5.x
Any operating system Any version
Recommendation No upgrade or patch available as of March 2005.

Upgrade to a fixed version of PhotoPost PHP Pro (5.0.1 or later) when one becomes available from the PhotoPost PHP Pro Web site at http://www.photopost.com/
Related URL CVE-2005-0928,CVE-2005-0929 (CVE)
Related URL 12920 (SecurityFocus)
Related URL 19873,19874 (ISS)