[VIM] PhotoPost PHP 4.6.5 (ecard.php) SQL Injection Vulnerability
George A. Theall
theall at tenable.com
Tue Aug 3 12:20:04 CDT 2010
Exploit DB 14453 talks about two SQL injection vulnerabilities in an
old version of PhotoPost, the second involving the 'photo' parameter
to the 'showphoto.php' script. It looks like BID 41946 was created
based on the same advisory.
Isn't that issue the same as one reported by Digital Crab in 2004 and
covered by CVE-2004-0239 / BID 9557?
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list