CVE-2005-0271

Photopost Reviewpost Php Pro < 2.5.1 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/43821

View Code ZIP pw:eip

References (4)

[Mailing List] http://marc.info/?l=bugtraq&m=110485682424110&w=2

[Exploit, Patch, Vendor Advisory] http://secunia.com/advisories/13697/

[Exploit, Patch, Vendor Advisory] http://www.gulftech.org/?node=research&article_id=00062-01022005

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18732

Scores

EPSS 0.0061

EPSS Percentile 69.9%

Details

Status published

Products (3)

photopost/reviewpost_php_pro 1.0.2

photopost/reviewpost_php_pro 2.5

photopost/reviewpost_php_pro < 2.5.1

Published Jan 03, 2005

Tracked Since Feb 18, 2026