CVE-2019-25524

Name of the Vulnerable Software and Affected Versions XooGallery (affected versions not specified)

Description The software contains an SQL injection flaw that allows unauthenticated attackers to manipulate database queries. This is achieved by injecting SQL code through the p parameter. Attackers can send GET requests to the ''results.php'' endpoint with malicious p values to bypass authentication, extract sensitive data, or modify database contents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.