SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.
| Software | From | Fixed in |
|---|---|---|
| photopost / photopost_php_pro | 3.1 | 3.1.x |
| photopost / photopost_php_pro | 3.2 | 3.2.x |
| photopost / photopost_php_pro | 3.3 | 3.3.x |
| photopost / photopost_php_pro | 4.0 | 4.0.x |
| photopost / photopost_php_pro | 4.1 | 4.1.x |
| photopost / photopost_php_pro | 4.6 | 4.6.x |