PT-2005-1955 · Photopost · Photopost Php Pro

Diabolic Crab

Published 2005-03-29 · Updated 2016-10-18 · CVE-2005-0928

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: PhotoPost PHP Pro versions 5.x

Description: Cross-site scripting (XSS). Several PHP scripts do not sanitize request parameters before writing them into the page, so a remote attacker can inject arbitrary web script or HTML. Affected are the cat, password, ppuser, sort, and si parameters of showgallery.php; the ppuser, sort, and si parameters of showmembers.php; and the photo parameter of slideshow.php.

Recommendations: For PhotoPost PHP Pro version 5.x, update to a version that fixes the XSS vulnerabilities in showgallery.php, showmembers.php, and slideshow.php by properly sanitizing user input in the cat, password, ppuser, sort, si, and photo parameters. As a temporary workaround, consider restricting access to these parameters to minimize the risk of exploitation.
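The defensive pattern the recommendation describes, as an added illustration rather than PhotoPost's own code: each parameter is validated against what it is supposed to contain, and anything reflected into HTML is encoded first. The helper names, the allow-listed sort columns and the request array are assumptions for this example.

```php
<?php
// Added example: hardening the parameters named in the advisory.
// Hypothetical helpers; PhotoPost's real code and column names are not shown here.

// Allow-list for the sort parameter: only known column names are accepted.
const ALLOWED_SORT = ['date', 'title', 'views', 'rating'];

// Numeric identifiers (cat, photo): digits only, anything else is rejected.
function read_id(array $query, string $name): ?int
{
    if (!isset($query[$name]) || !preg_match('/^\d{1,10}$/', $query[$name])) {
        return null;
    }
    return (int) $query[$name];
}

// Sort column: values outside the allow-list fall back to the default.
function read_sort(array $query): string
{
    $sort = $query['sort'] ?? 'date';
    return in_array($sort, ALLOWED_SORT, true) ? $sort : 'date';
}

// Free-form strings (ppuser, si, password): HTML-encode before output.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the request value is written straight into the markup.
function render_vulnerable(array $query): string
{
    return '<h2>Photos by ' . ($query['ppuser'] ?? '') . '</h2>';
}

// Hardened pattern: same output, but the value is encoded first, so any
// markup in the parameter is rendered as text instead of being interpreted.
function render_hardened(array $query): string
{
    return '<h2>Photos by ' . h($query['ppuser'] ?? '') . '</h2>';
}

// Constructed request mirroring showgallery.php's parameters (not real traffic).
$query = ['cat' => '7', 'sort' => 'title<b>', 'ppuser' => '"><b>x</b>'];

var_dump(read_id($query, 'cat'));
var_dump(read_sort($query));
echo render_hardened($query), "\n";
```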


Related Identifiers: CVE-2005-0928

Affected Products: Photopost Php Pro