[VIM] PhotoPost PHP 4.6.5 (ecard.php) SQL Injection Vulnerability

George A. Theall theall at tenable.com
Tue Aug 3 12:20:04 CDT 2010

Exploit DB 14453 talks about two SQL injection vulnerabilities in an  
old version of PhotoPost, the second involving the 'photo' parameter  
to the 'showphoto.php' script. It looks like BID 41946 was created  
based on the same advisory.

Isn't that issue the same as one reported by Digital Crab in 2004 and  
covered by CVE-2004-0239 / BID 9557?

theall at tenablesecurity.com

More information about the VIM mailing list