CVE-2004-0250

SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/9557	Exploit Vendor Advisory
http://www.zone-h.org/en/advisories/read/id=3864/
http://marc.info/?l=bugtraq&m=107593114909696&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/15008

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:photopost:photopost_php_pro:3.1:::::::*
	cpe:2.3:a:photopost:photopost_php_pro:4.0:::::::*
	cpe:2.3:a:photopost:photopost_php_pro:4.1:::::::*
	cpe:2.3:a:photopost:photopost_php_pro:3.2:::::::*
	cpe:2.3:a:photopost:photopost_php_pro:3.3:::::::*
	cpe:2.3:a:photopost:photopost_php_pro:4.6:::::::*

Information

Published : 2004-11-22 21:00

Updated : 2017-07-10 18:30

NVD link : CVE-2004-0250

Mitre link : CVE-2004-0250

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

photopost

photopost_php_pro

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/9557", "name": "9557", "tags": ["Exploit", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.zone-h.org/en/advisories/read/id=3864/", "name": "http://www.zone-h.org/en/advisories/read/id=3864/", "tags": [], "refsource": "MISC"}, {"url": "http://marc.info/?l=bugtraq&m=107593114909696&w=2", "name": "20040204 ZH2004-04SA (security advisory): Multiple Sql Injection", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15008", "name": "photopostphp-sql-injection(15008)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0250", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2004-11-23T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:photopost:photopost_php_pro:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:photopost:photopost_php_pro:4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:photopost:photopost_php_pro:4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:photopost:photopost_php_pro:3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:photopost:photopost_php_pro:3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:photopost:photopost_php_pro:4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:30Z"}