CVE

Id
10297  
CVE No.
CVE-2004-1870  
Status
Candidate  
Description
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users" passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.  
Phase
Assigned (20050504)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
71037 10297 CVE-2004-1870 BUGTRAQ:20040328 PhotoPost PHP Pro Multiple Vulnerabilities  View
71038 10297 CVE-2004-1870 URL:http://marc.info/?l=bugtraq&m=108057790723123&w=2  View
71039 10297 CVE-2004-1870 BID:9994  View
71040 10297 CVE-2004-1870 URL:http://www.securityfocus.com/bid/9994  View
71041 10297 CVE-2004-1870 SECTRACK:1009571  View
71042 10297 CVE-2004-1870 URL:http://securitytracker.com/id?1009571  View
71043 10297 CVE-2004-1870 SECUNIA:11241  View
71044 10297 CVE-2004-1870 URL:http://secunia.com/advisories/11241  View
71045 10297 CVE-2004-1870 XF:photopost-php-sql-injection(15642)  View

Related JVN