Vendor: Instant Photo Gallery
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Instant Photo Gallery
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CVE: CVE-2005-3667
CPE: a:instant_photo_gallery:instant_photo_gallery:1
2005

Instant Photo Gallery SQL Injection Vulnerabilities

Multiple SQL injection vulnerabilities in Instant Photo Gallery allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php or (2) the 'q' parameter in search.php.

Mitigation:

Sanitize user-supplied input before using it in an SQL query.
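
One way to apply this mitigation to the two parameters named above, as an added example that is not the product's code. The `photos` table, its columns and the function names are assumptions, and an in-memory SQLite database stands in for the real backend.

```php
<?php
declare(strict_types=1);

// Constructed schema and rows; the product's real tables are not shown on the page.
function demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE photos (id INTEGER PRIMARY KEY, cat_id INTEGER, title TEXT)');
    $pdo->exec("INSERT INTO photos (cat_id, title) VALUES
        (1, 'Harbour'), (2, 'O''Brien portrait'), (2, '100% crop')");
    return $pdo;
}

// portfolio.php: cat_id is an identifier, so accept only a positive integer
// and bind it as an integer instead of concatenating it into the query.
function photos_by_category(PDO $pdo, string $rawCatId): array {
    $catId = filter_var($rawCatId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($catId === false) {
        throw new InvalidArgumentException('cat_id must be a positive integer');
    }
    $stmt = $pdo->prepare('SELECT id, title FROM photos WHERE cat_id = :cat_id ORDER BY id');
    $stmt->bindValue(':cat_id', $catId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// search.php: q is free text, so it cannot be allow-listed. Bind it as data and
// escape the LIKE wildcards so user input only ever matches literally.
function search_photos(PDO $pdo, string $rawQ): array {
    $q = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], trim($rawQ));
    $stmt = $pdo->prepare(
        "SELECT id, title FROM photos WHERE title LIKE :pattern ESCAPE '!' ORDER BY id"
    );
    $stmt->bindValue(':pattern', '%' . $q . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = demo_db();
print_r(photos_by_category($pdo, '2'));   // well-formed identifier
print_r(search_photos($pdo, "O'Brien"));  // quote is treated as data
print_r(search_photos($pdo, '100%'));     // wildcard is matched literally
try {
    photos_by_category($pdo, "2'");       // constructed malformed value
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```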

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15659/info

Instant Photo Gallery is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Versions v1 and prior are reported to be vulnerable; other versions may also be affected. 

http://www.example.com/portfolio.php?cat_id=[SQL]