PhotoPost PHP 4.6.5 (ecard.php?ecard) SQL Injection Vulnerability

vendor:

PhotoPost PHP

by:

CoBRa_21

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: PhotoPost PHP

Affected Version From: 4.6.5

Affected Version To: 4.6.5

Patch Exists: N/A

Related CWE: N/A

CPE: a:photopost:photopost_php:4.6.5

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PhotoPost PHP 4.6.5 (ecard.php?ecard) SQL Injection Vulnerability

PhotoPost PHP 4.6.5 is vulnerable to SQL injection. An attacker can inject malicious SQL queries via the 'ecard' and 'photo' parameters in the 'ecard.php' and 'showphoto.php' scripts, respectively.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

########################################################################################

PhotoPost PHP 4.6.5 (ecard.php?ecard) SQL Injection Vulnerability

########################################################################################

Author : CoBRa_21

Author Web Page : http://www.ipbul.org

Dork: "Powered by: PhotoPost PHP 4.6.5"

########################################################################################
 
Sql Injection:

http://localhost/[path]/ecard.php?ecard=418337 (Sql)

http://localhost/[path]/showphoto.php?photo=418337 (Sql)

########################################################################################
Thanks : http://www.e-banka.org