PT-2008-2936 · Myiosoft · Myiosoft Easygallery

Joss

Published

2008-03-17

Updated

2018-10-11

CVE-2008-1346

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions MyioSoft EasyGallery versions 5.0tr and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the catid parameter in a "category" action.

Recommendations For MyioSoft EasyGallery versions 5.0tr and earlier, consider restricting access to the vulnerable index.php file in the staticpages/easygallery directory until a patch is available. Avoid using the catid parameter in the affected category action to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-1346

Affected Products

Myiosoft Easygallery

PT-2008-2936 · Myiosoft · Myiosoft Easygallery

CVE-2008-1346

Weakness Enumeration

Related Identifiers

Affected Products

References · 6