Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Remote SQL Injection vulnerability in 2Bgal - exploit.company
header-logo
Suggest Exploit
vendor:
2Bgal
by:
Unknown
7.5
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: 2Bgal
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:2bgal:2bgal
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Remote SQL Injection vulnerability in 2Bgal

A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query. An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.

Mitigation:

To mitigate this vulnerability, it is recommended to update the application to a version that properly sanitizes user-supplied input before using it in SQL queries.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12083/info

A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.

An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information. 

http://www.example.com/2bgal/disp_album.php?id_album=2%20UNION%20SELECT%20passwd%20as%20nom,%20idpere%20FROM%20galbumlist%20LIMIT%201;--

Navigation

Suggest Exploit

Services By CQR