PhotoPost PHP Multiple Vulnerabilities

vendor:

PhotoPost PHP

by:

SecurityFocus

7.5

CVSS

HIGH

SQL Injection and Cross-Site Scripting

89, 79

CWE

Product Name: PhotoPost PHP

Affected Version From: 3.3.2001

Affected Version To: 3.3.2001

Patch Exists: YES

Related CWE: N/A

CPE: a:photopost:photopost_php

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

PhotoPost PHP Multiple Vulnerabilities

PhotoPost PHP is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to dynamically construct SQL queries.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/35996/info

PhotoPost PHP is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

PhotoPost PHP 3.3.1 is vulnerable; other versions may also be affected. 

http://www.example.com/showgallery.php?cat=[nr] and substring(@@version,1,1)=4 <= True
http://www.example.com/showgallery.php?cat=[nr] and substring(@@version,1,1)=5 <= False
http://www.example.com/showgallery.php?cat=&#039;"><script>alert(&#039;xss&#039;)</script>