Vulnerability Details CVE-2004-0250
SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 73.8%
CVSS Severity
CVSS v2 Score 10.0
References
- http://marc.info/?l=bugtraq&m=107593114909696&w=2
- http://www.securityfocus.com/bid/9557
- http://www.zone-h.org/en/advisories/read/id=3864/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15008
- http://marc.info/?l=bugtraq&m=107593114909696&w=2
- http://www.securityfocus.com/bid/9557
- http://www.zone-h.org/en/advisories/read/id=3864/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15008
Products affected by CVE-2004-0250
-
cpe:2.3:a:photopost:photopost_php_pro:3.1
-
cpe:2.3:a:photopost:photopost_php_pro:3.2
-
cpe:2.3:a:photopost:photopost_php_pro:3.3
-
cpe:2.3:a:photopost:photopost_php_pro:4.0
-
cpe:2.3:a:photopost:photopost_php_pro:4.1
-
cpe:2.3:a:photopost:photopost_php_pro:4.6