PhotoPost < 5.1 Multiple Input Validation Vulnerabilities

high Nessus Plugin ID 17649

Synopsis

The remote web server contains a PHP application that is affected by several vulnerabilities.

Description

The version of PhotoPost PHP installed on the remote host is prone to multiple input validation vulnerabilities:

- Multiple SQL Injection Vulnerabilities: The application fails to properly sanitize user input supplied via the 'sl' parameter of the 'showmembers.php' script and the 'photo' parameter of the 'showphoto.php' script. An attacker can exploit these flaws to manipulate SQL queries, possibly destroying or revealing sensitive data.

- Multiple Cross-Site Scripting Vulnerabilities: The application fails to properly sanitize user input supplied via the 'photo' parameter of the 'slideshow.php' script, the 'cat', 'password', 'si', 'ppuser', and 'sort' parameters of the 'showgallery.php' script, and the 'ppuser', 'sort', and 'si' parameters of the 'showmembers.php' script. An attacker can exploit these flaws to inject arbitrary HTML or script code into a user's browser in the context of the affected website, resulting in theft of authentication data or other such attacks.

Solution

The issues are reportedly fixed by upgrading to PhotoPost PHP version 5.1.

See Also

https://seclists.org/bugtraq/2005/Mar/483

Plugin Details

Severity: High

ID: 17649

File Name: photopost_multiple_input_vulns.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 3/30/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:photopost:photopost_php, cpe:/a:photopost:photopost_php_pro

Required KB Items: www/photopost

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/28/2005

Reference Information

CVE: CVE-2005-0928, CVE-2005-0929

BID: 12920

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990