Phpwebgallery <= 1.4.1 SQL injection Vulnerability

2006.04.03
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Moroccan Security Team (|ucif3r) Greetz To All Freind Phpwebgallery 1.4.1 is vulnerable to SQL Injection Attacks The flaw is due to input validation errors in the "category.php" script when handling the "search"variables, which could be exploited by malicious people to conduct SQL injection attacks. Exploit: http://localhost/phpwebgallery/category.php?cat=search&search=[SQL] t4h4[at]linuxmail[dot]com :D


Vote for this issue:
50%
50%

Comment it here.

Copyright 2025, cxsecurity.com

 

Back to Top