PhotoPost PHP Pro SQL Injection Vulnerability
PhotoPost PHP Pro ‘lets your users upload and discuss photos in galleries that you create as well as public and private albums that they create, and it integrates seamlessly into your current site design.’
There is a flaw in PhotoPost PHP Pro that allows an attacker to disclose sensitive information that could be used to gain unauthorized access.
* PhotoPost PHP Pro version 4.6 and prior
The problems exist due to insufficient sanitization of user-supplied data. A remote attacker could exploit these issues to inject other SQL queries, which might disclose sensitive information.
The vendor has been contacted and a patch is available.