Image Gallery with Access Database Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/path/dispimage.asp?id=[SQL Injection]
http://www.example.com/path/default.asp?page=2&order=[SQL Injection]
http:/www.example.com/target/path/default.asp?page=[SQL INJECTION]&order=id


 

Privacy Statement
Copyright 2010, SecurityFocus