OSVDB ID: 14680

Title: PhotoPost Pro misc.php Administrator Email Flood DoS

Dates

Disclosure: Mar 11, 2005
Discovery: Unknown
Exploit: Mar 11, 2005
Solution: Unknown

Description

PhotoPost Pro contains a flaw that may allow a remote denial of service. The 'reportpost' action in 'misc.php' does not limit the logging data that is sent to the administrator, which may allow a remote attacker to send an unlimited number of emails to the administrator.

Classification

Location: Remote / Network Access
Impact: Loss of Availability
Exploit: Exploit Public
OSVDB: Web Related

Solution

Upgrade to version 5.01 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Vendor: All Enthusiast, Inc.
Product: PhotoPost PHP Pro
Version: 5.0 RC3

Credit

  • Igor Franchuk - sprogonline.ru

Direct URL: http://osvdb.org/14680