[VIM] e107 Plugin my_gallery (image) Remote SQL Injection Vulnerability
George A. Theall
theall at tenablesecurity.com
Mon Sep 22 16:01:19 UTC 2008
Milw0rm 6516 claims to be in a plugin named "My_Gallery" . This
appears to be wrong. The affected file isn't in the distribution
package that I downloaded, either for version 1.9.2 which is what the
link in the advisory points to or version 2.3, which I downloaded
several months ago.
Instead, it looks like it's Akira Powered's "Image Gallery", from <http://www.akirapowered.org/download.php?view.73
>. Version 0.9.6.2, which is what's currently available (you need to
register first), is definitely vulnerable. The problem is in
'showBreadcrumb()' in 'functions.php' -- the second query fails to
sanitize input to the 'image' parameter.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list