CVE-2004-1870 (CNNVD-200403-122)
中文标题:
All Enthusiast Photopost PHP Pro多个输入验证漏洞
英文标题:
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers...
漏洞描述
中文描述:
PhotoPost PHP Pro 4.6.x以及之前的版本存在多个SQL注入漏洞。远程攻击者借助(1)addfav.php的photo参数,(2)comments.php的photo参数,(3)comments.php的credit参数,(4)index.php的cat漏洞,(5)showgallery.php的ppuser漏洞,(6)showgallery.php的cat参数,(7)uploadphoto.php的cat参数,(8)useralbums.php的albumid参数获得用户的密码。
英文描述:
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.
CWE类型:
标签:
受影响产品
| 厂商 | 产品 | 版本 | 版本范围 | 平台 | CPE |
|---|---|---|---|---|---|
| photopost | photopost_php_pro | 3.1 | - | - |
cpe:2.3:a:photopost:photopost_php_pro:3.1:*:*:*:*:*:*:*
|
| photopost | photopost_php_pro | 3.2 | - | - |
cpe:2.3:a:photopost:photopost_php_pro:3.2:*:*:*:*:*:*:*
|
| photopost | photopost_php_pro | 3.3 | - | - |
cpe:2.3:a:photopost:photopost_php_pro:3.3:*:*:*:*:*:*:*
|
| photopost | photopost_php_pro | 4.0 | - | - |
cpe:2.3:a:photopost:photopost_php_pro:4.0:*:*:*:*:*:*:*
|
| photopost | photopost_php_pro | 4.1 | - | - |
cpe:2.3:a:photopost:photopost_php_pro:4.1:*:*:*:*:*:*:*
|
| photopost | photopost_php_pro | 4.6 | - | - |
cpe:2.3:a:photopost:photopost_php_pro:4.6:*:*:*:*:*:*:*
|
| photopost | photopost_php_pro | 4.8.1 | - | - |
cpe:2.3:a:photopost:photopost_php_pro:4.8.1:*:*:*:*:*:*:*
|
解决方案
中文解决方案:
英文解决方案:
临时解决方案:
参考链接
cve.org
cve.org
cve.org
cve.org
cve.org
exploitdb
exploitdb
cve.org
exploitdb
exploitdb
cve.org
CVSS评分详情
AV:N/AC:L/Au:N/C:P/I:P/A:P
时间信息
利用信息
数据源详情
| 数据源 | 记录ID | 版本 | 提取时间 |
|---|---|---|---|
| CVE | cve_CVE-2004-1870 |
2025-11-11 15:17:30 | 2025-11-11 07:32:23 |
| NVD | nvd_CVE-2004-1870 |
2025-11-11 14:50:54 | 2025-11-11 07:41:09 |
| CNNVD | cnnvd_CNNVD-200403-122 |
2025-11-11 15:08:44 | 2025-11-11 07:48:53 |
| EXPLOITDB | exploitdb_EDB-23885 |
2025-11-11 15:05:40 | 2025-11-11 08:19:46 |
| EXPLOITDB | exploitdb_EDB-43808 |
2025-11-11 15:05:40 | 2025-11-11 08:46:25 |
版本与语言
安全公告
变更历史
查看详细变更
- references_count: 8 -> 11
- tags_count: 4 -> 6
查看详细变更
- references_count: 5 -> 8
- tags_count: 0 -> 4
- data_sources: ['cnnvd', 'cve', 'nvd'] -> ['cnnvd', 'cve', 'exploitdb', 'nvd']
查看详细变更
- vulnerability_type: 未提取 -> SQL注入
- cnnvd_id: 未提取 -> CNNVD-200403-122
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
查看详细变更
- severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
- cvss_score: 未提取 -> 7.5
- cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:P/I:P/A:P
- cvss_version: NOT_EXTRACTED -> 2.0
- affected_products_count: 0 -> 7
- data_sources: ['cve'] -> ['cve', 'nvd']