header-logo
Suggest Exploit
vendor:
2Bgal
by:
Unknown
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: 2Bgal
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:2bgal:2bgal
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Remote SQL Injection vulnerability in 2Bgal

A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.

Mitigation:

To mitigate this vulnerability, it is recommended to update the application to a version that properly sanitizes user-supplied input before using it in SQL queries.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12083/info

A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.

An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information. 

http://www.example.com/2bgal/disp_album.php?id_album=2%20UNION%20SELECT%20passwd%20as%20nom,%20idpere%20FROM%20galbumlist%20LIMIT%201;--