Detections
Analytics
PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities
high Nessus Plugin ID 17314
Language:
Synopsis
The remote web server contains a PHP application that is affected by several vulnerabilities.Description
According to its banner, the version of PhotoPost PHP installed on the remote host has several vulnerabilities:- An Access Validation Vulnerability.
The 'adm-photo.php' script fails to verify authentication credentials, which allows an attacker to change the properties of thumbnails of uploaded images.
- A SQL Injection Vulnerability.
The 'uid' parameter in the 'member.php' script is not properly sanitized before use in SQL queries. An attacker can leverage this flaw to disclose or modify sensitive information or perhaps even launch attacks against the underlying database implementation.
- A Cross-site Scripting (XSS) Vulnerability.
The 'editbio' parameter of the user profile form is not sanitized properly, allowing an attacker to inject arbitrary script or HTML in a user's browser in the context of the affected website, resulting in theft of authentication data or other such attacks.
Solution
Upgrade to PhotoPost PHP version 5.01 or later.See Also
Plugin Details
Severity: High
ID: 17314
File Name: photopost_multiple_vulns.nasl
Version: 1.25
Type: remote
Family: CGI abuses
Published: 3/11/2005
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.6
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:photopost:photopost_php, cpe:/a:photopost:photopost_php_pro
Required KB Items: www/photopost
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 3/11/2005
Reference Information
CVE: CVE-2005-0774, CVE-2005-0775, CVE-2005-0776, CVE-2005-0777, CVE-2005-0778, CVE-2005-1629