PT-2006-3061 · Verosky Media · Verosky Media Instant Photo Gallery

Qex

Published

2006-04-27

Updated

2018-10-18

CVE-2006-2080

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Verosky Media Instant Photo Gallery version 1.0.2

Description The issue allows remote attackers to execute arbitrary SQL commands via the id parameter in the portfolio photo popup.php file, which is not properly cleansed before calling the count click function in includes/functions/fns std.php. This could potentially lead to resultant XSS.

Recommendations For Verosky Media Instant Photo Gallery version 1.0.2, consider disabling the count click function in includes/functions/fns std.php or restricting access to the portfolio photo popup.php file until a patch is available. Avoid using the id parameter in the affected file to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-2080

Affected Products

Verosky Media Instant Photo Gallery

PT-2006-3061 · Verosky Media · Verosky Media Instant Photo Gallery

CVE-2006-2080

Related Identifiers

Affected Products

References · 10