Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0778


Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0778
Last Modified 05 Sep 2008 04:47:17
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif.

Vulnerable Systems


  • Photopost Php Pro 5.0 Rc3


XF - photopost-file-upload(19679)

BID - 12779

SECUNIA - 14576

BUGTRAQ - 20050311 PhotoPost PHP 5.0 RC3, and later, multiple vulnerabilities

Last Updated: 27 May 2016 10:39:56