CVE-2019-25522

Name of the Vulnerable Software and Affected Versions XooGallery (affected versions not specified)

Description The software contains multiple SQL injection flaws that allow unauthenticated attackers to manipulate database queries. Attackers can inject SQL code through the photo id parameter. By sending crafted GET requests to the ''photo.php'' endpoint with malicious photo id values, attackers can extract sensitive data, bypass authentication, or modify database contents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.