PT-2009-4794 · Datacheck Solutions · Gallerypal Fe
Published
2009-07-08
·
Updated
2017-08-17
·
CVE-2009-2365
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
DataCheck Solutions GalleryPal FE version 1.5
Description
A SQL injection issue exists in the login.asp file, allowing remote attackers to execute arbitrary SQL commands. The exact vectors used for the attack are not specified.
Recommendations
For version 1.5, update to a newer version that addresses this issue, as the current version allows remote attackers to execute arbitrary SQL commands via unspecified vectors. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gallerypal Fe