Title: PhotoPost Pro misc.php Administrator Email Flood DoS
Info
Disclosure
Mar 11, 2005
Discovery
Unknown
Dates
Exploit
Mar 11, 2005
Solution
Unknown
Description
PhotoPost Pro contains a flaw that may allow a remote denial of service. The 'reportpost' action in 'misc.php' does not limit the logging data that is sent to the administrator, which may allow a remote attacker to send an unlimited number of emails to the administrator.
Classification
Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
OSVDB: Web Related
Solution
Upgrade to version 5.01 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.