|
PHPWebGallery Multiple SQL Injection Vulnerabilities
No exploit is required. The following proof-of-concept URIs are available: http://www.example.com/comments.php?keyword=&author=&cat=0&since=[SQL] http://www.example.com/comments.php?keyword=&author=&cat=0&since=1&sort_by=[SQL] http://www.example.com/comments.php?keyword=&author=&cat=0&since=1&sort_by=date&sort_order=descending&items_number=[SQL] http://www.example.com/category.php?cat=search&search=[SQL] http://www.example.com/picture.php?cat=best_rated&image_id=[SQL] |
|
|
Privacy Statement |
