PT-2009-1958 · Softcomplex · Softcomplex Php Image Gallery

Cyber-Zone

Published

2009-03-18

Updated

2017-09-29

CVE-2008-6488

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SoftComplex PHP Image Gallery version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the Admin field in a login action in the index.php file.

Recommendations For SoftComplex PHP Image Gallery version 1.0, consider validating and sanitizing user input to prevent SQL injection attacks, specifically for the Admin field in login actions. As a temporary workaround, restrict access to the index.php file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-6488

Affected Products

Softcomplex Php Image Gallery

PT-2009-1958 · Softcomplex · Softcomplex Php Image Gallery

CVE-2008-6488

Weakness Enumeration

Related Identifiers

Affected Products

References · 5