PT-2005-1804 · Photopost · Photopost Php

Igor Franchuk

Published

2005-03-20

Updated

2017-07-11

CVE-2005-0775

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PhotoPost PHP version 5.0 RC3

Description The issue concerns the reportpost action in misc.php, which fails to limit the logging data sent to the administrator. This allows remote attackers to send large amounts of email to the administrator.

Recommendations For PhotoPost PHP version 5.0 RC3, consider restricting access to the reportpost action in misc.php to prevent abuse, or limit the amount of logging data that can be sent to the administrator to mitigate the risk of receiving large amounts of email.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0775

Affected Products

Photopost Php

PT-2005-1804 · Photopost · Photopost Php

CVE-2005-0775

Related Identifiers

Affected Products

References · 6