CVE-2008-6348
published 2009-03-02CVE-2008-6348: Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter…
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.97%
57.6th percentile
Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to gallery_category.php, (2) photo_id parameter to gallery_photo.php, and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| developiteasy | photo_gallery | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://secunia.com/advisories/32593http://www.securityfocus.com/bid/32145https://exchange.xforce.ibmcloud.com/vulnerabilities/46400https://www.exploit-db.com/exploits/7016http://secunia.com/advisories/32593http://www.securityfocus.com/bid/32145https://exchange.xforce.ibmcloud.com/vulnerabilities/46400https://www.exploit-db.com/exploits/7016
2009-03-02
Published