Description
SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02, 1.01, and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Hussin X · textwebappsphp
https://www.exploit-db.com/exploits/6977
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32494
Exploit vdb-entry
x_refsource_osvdb
http://osvdb.org/49823
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6977
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32097
Scores
EPSS
0.0038
EPSS Percentile
59.3%
Details
CWE
CWE-89
Status
published
Products (2)
webbdomian/post_card
1.01
webbdomian/post_card
< 1.02
Published
Apr 06, 2009
Tracked Since
Feb 18, 2026