PT-2005-1955 · Photopost · Photopost Php Pro

Diabolic Crab · Published 2005-03-29 · Updated 2016-10-18 · CVE-2005-0928

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: PhotoPost PHP Pro versions 5.x

Description: The issue allows remote attackers to inject arbitrary web script or HTML via vulnerable parameters in several PHP files. The parameters cat, password, ppuser, sort, and si in showgallery.php, the parameters ppuser, sort, and si in showmembers.php, and the photo parameter in slideshow.php are affected.

Recommendations: For PhotoPost PHP Pro version 5.x, update the software to a version that fixes the XSS vulnerabilities in the showgallery.php, showmembers.php, and slideshow.php files by properly sanitizing user input for the cat, password, ppuser, sort, si, and photo parameters. As a temporary workaround, consider restricting access to these parameters to minimize the risk of exploitation.
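The sanitization the recommendation calls for, as an added example that is not PhotoPost's own code: a constructed handler for the showgallery.php-style parameters that validates the ones with a fixed vocabulary (sort, cat) instead of echoing them, and HTML-encodes the free-text ones (ppuser, si) wherever they are reflected. The allowlist values and the rendered markup are assumptions.

```php
<?php
// Added example, not PhotoPost code: defensive handling of the reflected
// parameters named in the advisory (cat, ppuser, sort, si, password).
declare(strict_types=1);

// Encode anything reflected into HTML so markup inside the value stays inert.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Read a query value as a string; arrays (sort[]=...) are treated as absent.
function str(array $query, string $key): string
{
    $v = $query[$key] ?? '';
    return is_string($v) ? $v : '';
}

// sort has a fixed vocabulary: reject unknown values rather than reflect them.
// The allowed names are an assumption, not PhotoPost's real column list.
const SORT_ALLOWED = ['title', 'date', 'views', 'rating'];

function readSort(array $query): string
{
    $sort = str($query, 'sort');
    return in_array($sort, SORT_ALLOWED, true) ? $sort : 'date';
}

// cat is an identifier: coerce to a non-negative int so no markup survives.
function readCat(array $query): int
{
    $v = filter_var(str($query, 'cat'), FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $v === false ? 0 : $v;
}

// Free-text values go through h() at every output point; links are rebuilt
// from validated values with http_build_query and encoded as an attribute.
// password is never reflected into the page at all.
function renderGalleryHeader(array $query): string
{
    $cat = readCat($query);
    $sort = readSort($query);
    $ppuser = str($query, 'ppuser');
    $si = str($query, 'si');
    $qs = http_build_query(['cat' => $cat, 'sort' => $sort, 'ppuser' => $ppuser, 'si' => $si]);
    return '<h2>Category ' . $cat . ' sorted by ' . h($sort) . '</h2>'
         . '<p>User: ' . h($ppuser) . ' (' . h($si) . ')</p>'
         . '<a href="showgallery.php?' . h($qs) . '">refresh</a>';
}

// Constructed sample input: markup in ppuser is rendered as literal text,
// and the bogus sort value falls back to the default instead of being echoed.
$sample = ['cat' => '12', 'sort' => 'bogus', 'ppuser' => '<b>bob</b>', 'si' => 'abc'];
echo renderGalleryHeader($sample), PHP_EOL;
```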


Related identifiers

CVE-2005-0928

Affected products

Photopost Php Pro