Nessus Plugin #16101
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
PhotoPost showgallery.php SQL Injection
- Family: CGI abuses
- Category: attack
- Copyright: This script is Copyright (C) 2005 Noam Rathaus
- Summary: Checks for the presence of an SQL injection in showgallery.php
- Version: $Revision: 1.2 $
- Cve_id: CAN-2005-0273, CAN-2005-0274
- Bugtraq_id: 12156, 12157
- Xrefs: OSVDB:12741, OSVDB:12742
- Description:
The remote version of PhotoPost PHP contains a vulnerability in the file
'showgallery.php' which allows a remote attacker to cause the program to
execute arbitrary SQL statements against the remote database.
See also : http://www.gulftech.org/?node=research&article_id=00063-01032005
Solution : Upgrade to the newest version of this software.
Risk factor : High
Generated on 27.04.2005 at 18:49:54.