All Enthusiast PhotoPost PHP Pro Member.PHP SQL Injection Vulnerability
BID:13620
Info
All Enthusiast PhotoPost PHP Pro Member.PHP SQL Injection Vulnerability
| Bugtraq ID: | 13620 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 13 2005 12:00AM |
| Updated: | May 13 2005 12:00AM |
| Credit: | Discovery is credited to Diabolic Crab. |
| Vulnerable: |
All Enthusiast Inc Photopost PHP Pro 5.0 RC3 All Enthusiast Inc Photopost PHP Pro 4.8.1 All Enthusiast Inc Photopost PHP Pro 4.6 All Enthusiast Inc Photopost PHP Pro 4.1 All Enthusiast Inc Photopost PHP Pro 4.0 All Enthusiast Inc Photopost PHP Pro 3.3 All Enthusiast Inc Photopost PHP Pro 3.2 All Enthusiast Inc Photopost PHP Pro 3.1 |
| Not Vulnerable: | |
Discussion
All Enthusiast PhotoPost PHP Pro Member.PHP SQL Injection Vulnerability
PhotoPost PHP Pro is affected by an SQL injection vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied input to the 'member.php' script before using it in an SQL query.
All versions of PhotoPost PHP Pro are considered vulnerable at the moment.
PhotoPost PHP Pro is affected by an SQL injection vulnerability.
This issue is due to a failure in the application to properly sanitize user-supplied input to the 'member.php' script before using it in an SQL query.
All versions of PhotoPost PHP Pro are considered vulnerable at the moment.
Exploit / POC
All Enthusiast PhotoPost PHP Pro Member.PHP SQL Injection Vulnerability
The following proof of concept is available:
The following proof of concept is available:
Solution / Fix
All Enthusiast PhotoPost PHP Pro Member.PHP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
All Enthusiast PhotoPost PHP Pro Member.PHP SQL Injection Vulnerability
References:
References:
- PhotoPost PHP Homepage (All Enthusiast Inc)