CVE-2018-25433

Name of the Vulnerable Software and Affected Versions JE Photo Gallery version 1.1

Description An SQL injection allows unauthenticated attackers to extract database information by injecting malicious SQL code. Attackers can send GET requests to the 'index.php' endpoint within the 'com jephotogallery' component using crafted values in the categoryid parameter to execute arbitrary SQL queries and retrieve sensitive data, such as usernames and password hashes.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.