CVE-2004-1415
Published 2004-12-31
Priority: P428, medium, 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.16% (63.1th percentile)
SQL injection vulnerability in (1) disp_album.php and possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ben3w | 2bgal | — | — |
| ben3w | 2bgal | — | — |
No detection rules found.
Exploit-DB
PMB Services 3.0.13 - Multiple Remote File Inclusions
exploitdb · 2007-03-09 · CVE-2007-1415
---
[ECHO_ADV_68$2007] PMB Services
- - Invalid include function at opac_css/includes/author_see.inc.php :
--------------------opac_css/includes/author_see.inc.php------------------------
<?php
// +-------------------------------------------------+
// © 2002-2004 PMB Services / www.sigb.net [email protected] et contributeurs (voir www.sigb.net)
// +-------------------------------------------------+
// $Id: author_see.inc.php,v 1.32 2006/12/29 16:10:04 touraine37 Exp $
// affichage du detail pour un auteur
require_once($base_path.'/includes/templates
Exploit-DB
2BGal 2.5.1 - SQL Injection
exploitdb · 2004-12-22 · CVE-2004-1415
---
source: https://www.securityfocus.com/bid/12083/info
A remote SQL injection vulnerability reportedly affects 2Bgal. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in an SQL query.
An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
http://www.example.com/2bgal/disp_album.php?id_album=2%20UNION%20SELECT%20passwd%20as%20nom,%20idpere%20FROM%20galbumlist%20LIMIT%201;--
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=110375900916558&w=2
http://secunia.com/advisories/13620
http://www.securityfocus.com/bid/12083
https://exchange.xforce.ibmcloud.com/vulnerabilities/18645
Published: 2004-12-31