GEN:SID | 1:2372 |
Message | WEB-PHP Photopost PHP Pro showphoto.php access |
Summary | This event is generated when an attempt is made to access showphoto.php, a component of the Photopost PHP web application running on a server.
|
Impact | Unauthorized administrative access to the underlying database.
|
Detailed Information | Photopost is a PHP photo gallery application. It is possible for a remote attacker to perform SQL queries on the database used by Photopost that could disclose sensitive information or compromise the data stored on the server.
|
Affected Systems | Photopost PHP Pro version 4.6 and earlier
|
Attack Scenarios | An attacker can manipulate the photo parameter in the script showphoto.php to perform SQL queries of their choosing.
|
Ease of Attack | Simple.
|
Corrective Action | Ensure the system is running an up-to-date version of the software and has all vendor-supplied patches applied.
|
Additional References | |
Rule References | bugtraq: 9557
|
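Because this rule fires on any access to showphoto.php, alerts usually need narrowing against the web server's access log. The following is an added example, not part of the rule or its original documentation. It flags only those showphoto.php requests whose photo parameter is missing, repeated, or not a plain integer. It assumes combined-format access logs and that legitimate photo values are numeric IDs; the function name, paths and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Feb/2004:10:00:01 +0000] "GET /photopost/showphoto.php?photo=1234 HTTP/1.1" 200 5120
192.0.2.11 - - [01/Feb/2004:10:00:05 +0000] "GET /photopost/showphoto.php?photo=12%27 HTTP/1.1" 200 312
192.0.2.12 - - [01/Feb/2004:10:00:09 +0000] "GET /photopost/index.php?cat=2 HTTP/1.1" 200 8841
192.0.2.13 - - [01/Feb/2004:10:00:12 +0000] "GET /gallery/ShowPhoto.php?cat=500&photo=77&photo=x HTTP/1.1" 200 298
192.0.2.14 - - [01/Feb/2004:10:00:15 +0000] "POST /photopost/showphoto.php HTTP/1.1" 200 4100
"""

# client, identd, user, [time], "METHOD target protocol", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')


def triage(log_text):
    """Return (client, time, reason, target) for showphoto.php hits worth review."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, when, _method, target, _status = m.groups()
        url = urlsplit(target)
        # Case-insensitive match on the script name, wherever it is installed.
        if not url.path.lower().endswith("/showphoto.php"):
            continue
        # parse_qs percent-decodes values and keeps repeated parameters.
        values = parse_qs(url.query, keep_blank_values=True).get("photo", [])
        if not values:
            reason = "no photo parameter in URL (check request body)"
        elif len(values) > 1:
            reason = "photo parameter repeated"
        elif not (values[0].isascii() and values[0].isdigit()):
            reason = "photo value is not a plain integer"  # assumption: IDs are numeric
        else:
            continue  # ordinary gallery view
        findings.append((client, when, reason, target))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Requests that send the parameter in a POST body do not appear in the access log's URL field, so those hits are listed for follow-up rather than cleared.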