PT-2008-3644 · Galleristic · Galleristic
Condemned
·
Publicado
2008-05-09
·
Atualizado
2017-09-29
·
CVE-2008-2129
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Galleristic version 1.0
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability in the index.php file when the magic quotes gpc setting is disabled. The vulnerability can be exploited via the
cat parameter.Recommendations
For Galleristic version 1.0, consider disabling the
cat parameter in the index.php file until a patch is available, or enable the magic quotes gpc setting to prevent SQL injection attacks.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Galleristic