PhotoPost PHP < 5.0.1 Multiple Remote Vulnerabilities

Severity: High | Nessus Plugin ID 17314

Synopsis

The remote web server contains a PHP application that is affected by several vulnerabilities.

Description

According to its banner, the version of PhotoPost PHP installed on the remote host has several vulnerabilities:

- An Access Validation Vulnerability.
The 'adm-photo.php' script fails to verify authentication credentials, which allows an attacker to change the properties of thumbnails of uploaded images.

- A SQL Injection Vulnerability.
The 'uid' parameter in the 'member.php' script is not properly sanitized before use in SQL queries. An attacker can leverage this flaw to disclose or modify sensitive information or perhaps even launch attacks against the underlying database implementation.

- A Cross-site Scripting (XSS) Vulnerability.
The 'editbio' parameter of the user profile form is not sanitized properly, allowing an attacker to inject arbitrary script or HTML into a user's browser in the context of the affected website, which can result in theft of authentication data or other such attacks.

Solution

Upgrade to PhotoPost PHP version 5.01 or later.
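The plugin decides from the banner alone whether the installed version is older than the fixed release, which the vendor writes both as 5.0.1 and as 5.01 (as the Solution line does). The following is an added Python example of that comparison, not the plugin's NASL code; the "Powered by PhotoPost PHP" banner text, the sample pages and the rule that maps "5.01" to "5.0.1" are assumptions made for the example.

```python
import re

# Fixed release named in this advisory: PhotoPost PHP 5.0.1 (also written "5.01").
FIXED_VERSION = (5, 0, 1)

# Assumed banner shape; the real PhotoPost footer text may differ.
BANNER_RE = re.compile(r"PhotoPost PHP\s+([0-9][0-9.]*)", re.IGNORECASE)


def parse_version(text):
    """Turn a dotted version string into a tuple of ints for ordering.

    Assumption: a two-part version whose second part has a leading zero,
    such as "5.01", is the vendor's short form of "5.0.1".  Without this
    normalisation "5.01" would parse as (5, 1) and wrongly rank above 5.0.x.
    """
    parts = text.strip().rstrip(".").split(".")
    if len(parts) == 2 and len(parts[1]) == 2 and parts[1].startswith("0"):
        parts = [parts[0], "0", parts[1][1]]
    return tuple(int(p) for p in parts)


def is_vulnerable(version):
    """True when the banner version sorts below the fixed release."""
    return parse_version(version) < FIXED_VERSION


def check_banner(page_text):
    """Return (version, vulnerable) if a PhotoPost banner is found, else None."""
    match = BANNER_RE.search(page_text)
    if not match:
        return None
    version = match.group(1).rstrip(".")
    return version, is_vulnerable(version)


# Constructed HTML fragments standing in for fetched gallery pages.
SAMPLE_PAGES = {
    "host-a": "<p>Powered by PhotoPost PHP 4.8.5</p>",
    "host-b": "<p>Powered by PhotoPost PHP 5.01</p>",
    "host-c": "<p>Powered by PhotoPost PHP 5.1.0</p>",
    "host-d": "<p>Some other gallery software</p>",
}


def scan(pages):
    """Map each host to its banner verdict; hosts without a banner map to None."""
    return {host: check_banner(html) for host, html in pages.items()}


if __name__ == "__main__":
    for host, verdict in scan(SAMPLE_PAGES).items():
        print(host, verdict)
```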

See Also

https://seclists.org/bugtraq/2005/Mar/213

https://seclists.org/fulldisclosure/2005/May/311

Plugin Details

Severity: High

ID: 17314

File Name: photopost_multiple_vulns.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 3/11/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:photopost:photopost_php, cpe:/a:photopost:photopost_php_pro

Required KB Items: www/photopost

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 3/11/2005

Reference Information

CVE: CVE-2005-0774, CVE-2005-0775, CVE-2005-0776, CVE-2005-0777, CVE-2005-0778, CVE-2005-1629

BID: 12779, 13620

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990