Описание
Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
EPSS
7.5 High
CVSS2
Дефекты
Связанные уязвимости
Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
EPSS
7.5 High
CVSS2