CVE-2005-0929
Published 2005-05-02
Priority P3 · 38 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.61% (83.5th percentile)
SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php.
No detection rules found.
Exploit-DB
PhotoPost PHP 4.6.5 - 'ecard.php' SQL Injection
exploitdb·2010-07-23
---
########################################################################################
PhotoPost PHP 4.6.5 (ecard.php?ecard) SQL Injection Vulnerability
########################################################################################
Author : CoBRa_21
Author Web Page : http://www.ipbul.org
Dork: "Powered by: PhotoPost PHP 4.6.5"
########################################################################################
Sql Injection:
http://localhost/[path]/ecard.php?ecard=418337 (Sql)
http://localhost/[path]/showphoto.php?photo=418337 (Sql)
########################################################################################
Thanks : http://www.e-banka.org
Exploit-DB
PhotoPost Pro 5.1 - 'showphoto.php?photo' SQL Injection
exploitdb·2005-03-28
---
source: https://www.securityfocus.com/bid/12920/info
Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first set of issues are cross-site scripting vulnerabilities that affect the 'slideshow.php', 'showgallery.php', and 'showmembers.php' scripts. These issues arise as the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.
The second set of issues are SQL injection vulnerabilities that affect the 'showmembers.php' and 'showphoto.php' scripts. The application includes t
Exploit-DB
PhotoPost Pro 5.1 - 'showmembers.php?sl' SQL Injection
exploitdb·2005-03-28
---
source: https://www.securityfocus.com/bid/12920/info
Multiple input validation vulnerabilities reportedly affect PhotoPost Pro. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical actions.
The first set of issues are cross-site scripting vulnerabilities that affect the 'slideshow.php', 'showgallery.php', and 'showmembers.php' scripts. These issues arise as the application fails to properly sanitize input passed through the offending functions before including it in dynamically generated Web content.
The second set of issues are SQL injection vulnerabilities that affect the 'showmembers.php' and 'showphoto.php' scripts. The application includes th
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111205342909640&w=2
http://marc.info/?l=bugtraq&m=111213719017716&w=2
http://secunia.com/advisories/14742
http://securitytracker.com/id?1013581
http://www.osvdb.org/15099
http://www.osvdb.org/15100