Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
Test ID: | 1.3.6.1.4.1.25623.1.0.50205 |
Category: | Remote file access |
Title: | PhotoPost Pro Cross Site Scripting/SQL injection |
Summary: | NOSUMMARY |
Description: | Description: PhotoPost Pro allows web users to insert abitrary text into form and URL variables, enabling both cross-site scripting as well as SQL injection attacks. http://www.example.com/showgallery.php?si= http://www.example.com/showgallery.php?cat=5 Versions prior to release 4.86 are vulnerable. For more information, the original advisory can be seen here: http://www.gulftech.org/?node=research&article_id=00063-01032005 Solution : Upgrade to version 4.86 or later. Risk factor : High |
Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |