CVE-2004-1870
Published: 2004-03-29
Priority: P3 / 34 | Severity: high | CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 1.16% (63.2th percentile)
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.
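Requests that abuse these parameters can be looked for in web server access logs. The following Python is an added example, not code from the advisory or the vendor: it checks only the script and parameter pairs listed in the description above for quote characters, comment markers and SQL keywords. The regular expressions, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script/parameter pairs named in the CVE-2004-1870 description.
WATCHED = {
    "addfav.php": {"photo"},
    "comments.php": {"photo", "credit"},
    "index.php": {"cat"},
    "showgallery.php": {"ppuser", "cat"},
    "uploadphoto.php": {"cat"},
    "useralbums.php": {"albumid"},
}

# Heuristic (an assumption of this example): a quote, a comment marker or
# a UNION/SELECT keyword inside a watched value is worth an alert.
SUSPICIOUS = re.compile(r"'|--|/\*|\b(?:union|select)\b", re.I)

# Request part of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Mar/2004:10:00:01 +0000] "GET /showgallery.php?ppuser=12&cat=500 HTTP/1.0" 200 5120',
    '192.0.2.77 - - [29/Mar/2004:10:00:09 +0000] "GET /gallery/showgallery.php?ppuser=-2%27%20UNION%20SELECT%200&cat=500 HTTP/1.0" 200 733',
    '192.0.2.77 - - [29/Mar/2004:10:00:15 +0000] "GET /useralbums.php?albumid=3%20union%20select%201 HTTP/1.0" 200 410',
    '192.0.2.10 - - [29/Mar/2004:10:00:20 +0000] "GET /search.php?q=rock%27n%27roll HTTP/1.0" 200 901',
]

def scan_line(line):
    """Return [(script, param, decoded_value), ...] for one log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    params = WATCHED.get(script)
    if not params:
        return []  # script is not one of those named in the CVE
    hits = []
    # parse_qsl percent-decodes values, so %27 and %20UNION%20 match as text.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in params and SUSPICIOUS.search(value):
            hits.append((script, name, value))
    return hits

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in scan_line(line):
            print(hit)
```

Free-text values such as the credit parameter can legitimately contain an apostrophe, so hits on that field need manual review.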
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| photopost | photopost_php_pro | — | — |
| photopost | photopost_php_pro | — | — |
| photopost | photopost_php_pro | — | — |
| photopost | photopost_php_pro | — | — |
| photopost | photopost_php_pro | — | — |
| photopost | photopost_php_pro | — | — |
| photopost | photopost_php_pro | — | — |
No detection rules found.
Exploit-DB
PhotoPost PHP Pro 3.x/4.x - 'showgallery.php' Multiple SQL Injections
exploitdb·2004-03-29
---
source: https://www.securityfocus.com/bid/9994/info
Multiple SQL injection, cross-site scripting and HTML injection vulnerabilities have been identified in the application, which may allow an attacker to execute arbitrary HTML or script code in a user's browser and/or influence SQL query logic to disclose sensitive information and carry out other attacks.
Photopost PHP Pro 4.6.0 and prior may be prone to these issues. Photopost PHP Pro 4.8.1 is reported vulnerable to these issues as well.
http://www.example.com/showgallery.php?ppuser=-2'%20UNION%20SELECT%200,email,0,0,0,0,0,0%20FROM%20user%20WHERE%20userid='1&cat=500
Exploit-DB
PhotoPost < 4.6 - Multiple Vulnerabilities
exploitdb·2004-03-28·CVSS 7.5
PhotoPost var%20i=1;%20while(i){alert(i);};
This is possible because the "perpage" variable resides in the user's cookie. Like I said before, a user does not have to be logged in for this to happen.
Solution:
The vendor was contacted. Most of these issues do not seem to be present in 4.7 though. Users are encouraged to upgrade ASAP.
Credits:
James Bercegay of the GulfTech Security Research Team.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=108057790723123&w=2
http://secunia.com/advisories/11241
http://securitytracker.com/id?1009571
http://www.securityfocus.com/bid/9994
https://exchange.xforce.ibmcloud.com/vulnerabilities/15642