[VIM] Copy of: Security issues in IPG (fwd)
Steven M. Christey
coley at linus.mitre.org
Thu Apr 27 18:08:38 EDT 2006
filled out the web form... clarification post to bugtraq awaiting
approval.
---------- Forwarded message ----------
Date: Thu, 27 Apr 2006 18:05:05 -0400
From: Instant Photo Gallery
To: coley at mitre.org
Subject: Copy of: Security issues in IPG
This is a copy of the following message you sent to Ed Verosky via Instant
Photo Gallery
This is an enquiry e-mail via http://www.instantphotogallery.com from:
Steve Christey <coley at mitre.org>
Hello,
I am a computer security professional for the CVE project, which is
sponsored by the Department of Homeland Security to assign standard
identifiers for security vulnerabilities (http://www.us-cert.gov/cve/,
http://cve.mitre.org/).
Recently, some security vulnerability information about your product
was posted here:
http://www.securityfocus.com/archive/1/432024/100/0/threaded
and here:
http://www.securityfocus.com/archive/1/432022/100/0/threaded
It seems that the portfolio.php/cat_id issue might have been fixed in
1.0.2, but portfolio_photo_popup.php/id seems to be related to SQL
injection when count_click() is called.
I couldn't see anything about "viewpro" in the code anywhere - was that
report entirely wrong?
I would appreciate any information and fixes you might have.
Thank you,
Steve Christey
Principal Information Security Engineer
CVE Editor
The MITRE Corporation