Photopost Photopost Php Pro — known CVE vulnerabilities
Every CVE whose affected-product data names Photopost Photopost Php Pro, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (16)
CVE-2004-0239 — CVSS 10.0 (critical): SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via…
CVE-2004-0250 — CVSS 10.0 (critical): SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter…
CVE-2005-0273 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands…
CVE-2006-4990 — CVSS 7.5 (high): Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow remote attackers to execute arbitrary PHP code via a URL in the…
CVE-2004-1870 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1)…
CVE-2005-0774 — CVSS 7.5 (high): SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary…
CVE-2005-0775 — CVSS 7.5 (high): The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows…
CVE-2005-1629 — CVSS 7.5 (high): SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey…
CVE-2006-4828 — CVSS 7.5 (high): PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP…
CVE-2005-0778 — CVSS 5.0 (medium): PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary…
CVE-2005-0776 — CVSS 5.0 (medium): adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow…
CVE-2005-0777 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML…
CVE-2004-1871 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web…
CVE-2005-2737 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF…
CVE-2005-0274 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary…
CVE-2005-0928 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML…