Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0250

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0250
Last Modified 05 Sep 2008 04:37:55
Published 23 Nov 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0250

Summary

SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php.

Vulnerable Systems

Application

  • Photopost Php Pro 3.1

  • Photopost Php Pro 3.2

  • Photopost Php Pro 3.3

  • Photopost Php Pro 4.0

  • Photopost Php Pro 4.1

  • Photopost Php Pro 4.6


References

BUGTRAQ - 20040204 ZH2004-04SA (security advisory): Multiple Sql Injection

XF - photopostphp-sql-injection(15008)

MISC - http://www.zone-h.org/en/advisories/read/id=3864/

BID - 9557


Last Updated: 27 May 2016 10:38:32