Photo Organizer Multiple Input Validation Vulnerabilities

Bugtraq ID:	21351
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Nov 29 2006 12:00AM
Updated:	Nov 30 2006 04:10AM
Credit:	The vendor reported these vulnerabilities.
Vulnerable:	Photo Organizer Photo Organizer 2.32b
Not Vulnerable:	Photo Organizer Photo Organizer 2.33-rc1

Photo Organizer Multiple Input Validation Vulnerabilities

Photo Organizer is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, access or modify sensitive data, execute arbitrary script code in the context of the application, compromise the application, and possibly exploit latent vulnerabilities in the underlying system; other attacks are also possible.

Photo Organizer 2.32b and prior versions are vulnerable.

Photo Organizer Multiple Input Validation Vulnerabilities

An attacker can exploit these issues via a web client.

Photo Organizer Multiple Input Validation Vulnerabilities

Solution:
The vendor has released version 2.33-rc3 to address these issues; please see the references for details.


Photo Organizer Photo Organizer 2.32b

• Photo Organizer po-2.33-rc3.tar.bz2
  http://po.shaftnet.org/_media/wiki:po-2.33-rc3.tar.bz2

Photo Organizer Multiple Input Validation Vulnerabilities

References:

• Photo Organizer Web Site (Photo Organizer)