CVE-2004-1870

Name of the Vulnerable Software and Affected Versions PhotoPost PHP Pro versions 4.6.x and earlier

Description The issue allows remote attackers to gain users' passwords due to multiple SQL injection vulnerabilities. These vulnerabilities can be exploited through various parameters in different PHP files, including the photo parameter to "addfav.php" and "comments.php", the credit parameter to "comments.php", the cat parameter to "index.php", "showgallery.php", and "uploadphoto.php", the ppuser parameter to "showgallery.php", and the albumid parameter to "useralbums.php".

Recommendations For PhotoPost PHP Pro versions 4.6.x and earlier, update to a version later than 4.6.x to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameters, such as photo, credit, cat, ppuser, and albumid, in the affected PHP files until a patch is available.