PT-2005-2131 · Unknown · Php Photo Album
Diabolic Crab · Published 2005-04-16 · Updated 2017-07-11 · CVE-2005-1114
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Photo Album version 2.0.53
Description
The issue concerns SQL injection vulnerabilities in the album search.php file. Remote attackers can execute arbitrary SQL commands by manipulating the mode or search parameters.
Recommendations
For version 2.0.53, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the album search.php file to minimize the risk of exploitation. Avoid using the mode and search parameters in the affected API endpoint until the issue is resolved.
Affected Products
Php Photo Album