CVE-2005-0273

Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=110486165802196&w=2
http://secunia.com/advisories/13680/	Vendor Advisory
http://www.gulftech.org/?node=research&article_id=00063-01032005	Exploit Vendor Advisory
http://www.securityfocus.com/bid/12156	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/18744
http://marc.info/?l=bugtraq&m=110486165802196&w=2
http://secunia.com/advisories/13680/	Vendor Advisory
http://www.gulftech.org/?node=research&article_id=00063-01032005	Exploit Vendor Advisory
http://www.securityfocus.com/bid/12156	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/18744

Configurations

Configuration 1 (hide)

cpe:2.3:a:photopost:photopost_php_pro:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-05-02 04:00

Updated : 2025-04-03 01:03

NVD link : CVE-2005-0273

Mitre link : CVE-2005-0273

CVE.ORG link : CVE-2005-0273

JSON object : View

Products Affected

photopost

photopost_php_pro

CWE

NVD-CWE-Other

{"id": "CVE-2005-0273", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=110486165802196&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/13680/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.gulftech.org/?node=research&article_id=00063-01032005", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/12156", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18744", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=110486165802196&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/13680/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.gulftech.org/?node=research&article_id=00063-01032005", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/12156", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18744", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:photopost:photopost_php_pro:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D6D629E-A1CA-42FE-B9FF-E126B0A982E9", "versionEndIncluding": "4.85"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}