PHP Photo Album < 2.0.14 Multiple Vulnerabilities

Nessus Network Monitor Plugin ID 2821 (severity: high)

Synopsis

The remote web server contains a script that is vulnerable to a SQL injection attack.

Description

The remote host is running Photo Album, a phpBB module that enables users to easily share photo albums via the internet. This version of Photo Album is vulnerable to a SQL injection attack through the 'mode' parameter of the album_search.php script. An attacker exploiting this flaw would send a malformed query to the album_search.php script which, when processed, would give the attacker the ability to read and/or modify data. In addition, the attacker may be able to execute arbitrary code.

Photo Album is also vulnerable to a Cross-Site Scripting (XSS) attack through the 'sid' parameter of the album_cat.php and album_comment.php scripts. An attacker exploiting this flaw would need to convince a user to browse to a malicious URI. Successful exploitation would result in attacker-supplied code running within the victim's browser, possibly resulting in the loss of confidential data (such as cookies).

Solution

Upgrade to version 2.0.14 or higher.

Plugin Details

Severity: High

ID: 2821

Family: CGI

Published: 4/13/2005

Updated: 3/6/2019

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:U/RC:X

Vulnerability Information

CPE: cpe:/a:smartor:photo_album

Reference Information

CVE: CVE-2005-1115

BID: 13157, 13158