SQL Injection In ReviewPost PHP Pro Network Vulnerability

Summary

The remote host could be vulnerable to SQL Injection, because you are probably running ReviewPost PHP Pro, a web-based software that manage users opinions. There is a flaw in this software which may allow a malicious attacker to inject arbitrary SQL queries which allows it to fetch data from the database.

Solution

Download the vendor supplied patch at http://www.photopost.com/members/forum/showthread.php?s=&threadid=98098

Severity

Classification

CVE CVE-2004-2175

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AjaXplorer zoho plugin Directory Traversal Vulnerability
Atmail Multiple Unspecified Security Vulnerabilities.
AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
admin.cgi overflow
ASP Inline Corporate Calendar SQL injection

SQL injection in ReviewPost PHP Pro

Take action and discover your vulnerabilities