Vendor: Active Photo Gallery
By: CyberGhost
CVSS: 5.5 (MEDIUM)
Remote SQL Injection
CWE: 89
Product Name: Active Photo Gallery
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Active Photo Gallery Remote SQL Injection Vulnerability
The vulnerability lets an attacker inject SQL commands into the application's database queries, which can lead to unauthorized access to the database or manipulation of its contents. The specific exploit injects a UNION SELECT statement to retrieve sensitive information from the admins table.
Mitigation:
To mitigate this vulnerability, the application should use parameterized queries or prepared statements, so that user input is bound as data and cannot change the structure of the SQL query. Additionally, regular security audits and updates should be performed to ensure the application is protected against known vulnerabilities.