CVE-2005-0274

PhotoPost PHP Pro < 4.85 - Cross-Site Scripting via showgallery.php Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0274.

AI-analyzed exploit summary The document describes multiple vulnerabilities in PhotoPost <= 4.85, including SQL injection and XSS flaws. It provides technical details on affected parameters and attack vectors but does not include functional exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/43822

View Code ZIP pw:eip

The document describes multiple vulnerabilities in PhotoPost <= 4.85, including SQL injection and XSS flaws. It provides technical details on affected parameters and attack vectors but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Moderate

Reliability

Theoretical

Target: PhotoPost <= 4.85

No auth needed

Prerequisites: Access to vulnerable PhotoPost installation

MITRE ATT&CK