Psi-labs Photo Upload Share Script SQL Injection and Unauthorized Access Vulnerability
BID:23739
Info
| Bugtraq ID: | 23739 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 01 2007 12:00AM |
| Updated: | May 01 2007 10:29PM |
| Credit: | Peterf and Dj7xpl are credited with the discovery of these vulnerabilities. |
| Vulnerable: | psi-labs photo upload share script (psipuss) 1.0 |
| Not Vulnerable: | |
Discussion
Psi-labs Photo Upload Share Script is prone to an SQL-injection and an unauthorized-access vulnerability. These issues occur because the application fails to protect certain administrative scripts and to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
These issues affect Photo Upload Share Script 1.0 and prior versions.
Exploit / POC
Attackers can use a browser to exploit these issues.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
References:
- Vendor Homepage (Psi-Labs)