Invisibility

**Name of the Vulnerable Software and Affected Versions** WoltLab Burning Board (WBB3) rGallery plugin version 1.2.3 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `userID` parameter in the "RGalleryUserGallery" page to "index.php". **Recommendations** For version 1.2.3 of the rGallery plugin, consider restricting access to the RGalleryUserGallery page until a fix is available, and avoid using the `userID` parameter in the affected API endpoint.