CVE-2004-2175

ReviewPost PHP Pro - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by G00db0y · textwebappsphp

https://www.exploit-db.com/exploits/23645

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by G00db0y · textwebappsphp

https://www.exploit-db.com/exploits/23646

View Code ZIP pw:eip

References (5)

Core 5

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/9574

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/15035

Patch, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/10786/

Patch x_refsource_misc

http://www.zone-h.org/en/advisories/read/id=3864/

Exploit, Patch mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/352598

Scores

EPSS 0.0074

EPSS Percentile 73.0%

Details

Status published

Products (2)

all_enthusiast_inc/reviewpost_php_pro 2.5

all_enthusiast_inc/reviewpost_php_pro 2.5.1

Published Dec 31, 2004

Tracked Since Feb 18, 2026