PT-2009-1958 · Softcomplex · Softcomplex Php Image Gallery

Cyber-Zone

Publicado

2009-03-18

Atualizado

2017-09-29

CVE-2008-6488

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SoftComplex PHP Image Gallery version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the Admin field in a login action in the index.php file.

Recommendations For SoftComplex PHP Image Gallery version 1.0, consider validating and sanitizing user input to prevent SQL injection attacks, specifically for the Admin field in login actions. As a temporary workaround, restrict access to the index.php file to minimize the risk of exploitation.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2008-6488

Produtos afetados

Softcomplex Php Image Gallery

PT-2009-1958 · Softcomplex · Softcomplex Php Image Gallery

CVE-2008-6488

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5