CVE-2004-0239

SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.

Published: Nov 23, 2004
Updated: Apr 13, 2023
CVE: CVE-2004-0239
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
photopost / photopost_php_pro	4.0	4.0.x
photopost / photopost_php_pro	3.1	3.1.x
photopost / photopost_php_pro	4.1	4.1.x
photopost / photopost_php_pro	3.3	3.3.x
photopost / photopost_php_pro	4.6	4.6.x
photopost / photopost_php_pro	3.2	3.2.x

http://marc.info/?l=bugtraq&m=107582512023998&w=2
http://www.securiteam.com/securitynews/5KP010UC0W.html
http://www.securityfocus.com/bid/9557
https://exchange.xforce.ibmcloud.com/vulnerabilities/15008

Vulnerability Database

289,871

CVE-2004-0239