SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter.

The remote host is running PhotoPost, a web-based image gallery written in PHP.  This version of PhotoPost is reported vulnerable to a remote SQL Injection flaw.  An attacker exploiting this flaw would only need to be able to send HTTP requests to or from the application web server.  Successful exploitation would result in the attacker being able to read or write data.  In addition, the attacker may be able to execute arbitrary code on the remote database server.

According to its banner, the version of PhotoPost PHP installed on the remote host has several vulnerabilities:

  - An Access Validation Vulnerability.
    The 'adm-photo.php' script fails to verify authentication     credentials, which allows an attacker to change the     properties of thumbnails of uploaded images.

  - A SQL Injection Vulnerability.
    The 'uid' parameter in the 'member.php' script is not     properly sanitized before use in SQL queries. An     attacker can leverage this flaw to disclose or modify     sensitive information or perhaps even launch attacks     against the underlying database implementation.

  - A Cross-site Scripting (XSS) Vulnerability.
    The 'editbio' parameter of the user profile form is not sanitized     properly, allowing an attacker to inject arbitrary script or     HTML in a user's browser in the context of the affected website,     resulting in theft of authentication data or other such attacks.

The remote host is running PhotoPost, a web-based image gallery written in PHP.  This version of PhotoPost is reported to be vulnerable to multiple flaws.  Specifically, the host is reported vulnerable to an access validation flaw within the 'adm-photo.php' script.  An attacker exploiting this flaw would be able to upload images under the context of another user.  The second flaw is a Cross-Site Scripting (XSS) vulnerability.  Exploiting the XSS flaw may enable an attacker to inject arbitrary script code into the browser of unsuspecting users.  A successful attack would potentially allow the attacker the ability to view confidential data (cookies, authentication data, and more) or compromise the integrity of the local system via the web browser.

ID	Name	Product	Family	Severity
2903	PhotoPost PHP Pro < 5.02 RC4 member.php uid Parameter SQL Injection	Nessus Network Monitor	CGI	high
17314	PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities	Nessus	CGI abuses	high
2694	PhotoPost Multiple Vulnerabilities	Nessus Network Monitor	CGI	high

Detections

Analytics

CVE-2005-1629

critical

Tenable Plugins

high

high

high