CVE-2005-1629

Photopost PHP Pro - SQL Injection via Verifykey Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1629. PoCs published by basher13.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in PhotoPost's member.php, allowing an attacker to extract admin MD5 hashes and usernames via a crafted HTTP request. The exploit sends a malicious query to the target server and retrieves sensitive data via email.

Description

SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by basher13 · perlwebappsphp
https://www.exploit-db.com/exploits/989

This exploit targets a SQL injection vulnerability in PhotoPost's member.php, allowing an attacker to extract admin MD5 hashes and usernames via a crafted HTTP request. The exploit sends a malicious query to the target server and retrieves sensitive data via email.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: PhotoPost (version not specified)
No auth needed
Prerequisites: Target server running PhotoPost · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Patch mailing-list x_refsource_fulldisc
http://seclists.org/lists/fulldisclosure/2005/May/0311.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13620

Scores

EPSS 0.0209
EPSS Percentile 79.2%

Details

Status published
Products (8)
photopost/photopost_php_pro 3.1
photopost/photopost_php_pro 3.2
photopost/photopost_php_pro 3.3
photopost/photopost_php_pro 4.0
photopost/photopost_php_pro 4.1
photopost/photopost_php_pro 4.6
photopost/photopost_php_pro 4.8.1
photopost/photopost_php_pro 5.0_rc3
Published May 17, 2005
Tracked Since Feb 18, 2026