DUWare DUGallery Login SQL Injection Vulnerability
BID:17918
Info
DUWare DUGallery Login SQL Injection Vulnerability
| Bugtraq ID: | 17918 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 09 2006 12:00AM |
| Updated: | May 10 2006 07:24PM |
| Credit: | [email protected] is credited with the discovery of this vulnerability. |
| Vulnerable: |
DUware DUgallery 2.0 |
| Not Vulnerable: | |
Discussion
DUWare DUGallery Login SQL Injection Vulnerability
DUGallery is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
A successful attack could allow an attacker to compromise the application, access or modify data, gain administrative access to the application, or exploit vulnerabilities in the underlying database implementation.
DUGallery is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
A successful attack could allow an attacker to compromise the application, access or modify data, gain administrative access to the application, or exploit vulnerabilities in the underlying database implementation.
Exploit / POC
DUWare DUGallery Login SQL Injection Vulnerability
This issue can be exploited with a web browser.
This issue can be exploited with a web browser.
Solution / Fix
DUWare DUGallery Login SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
DUWare DUGallery Login SQL Injection Vulnerability
References:
References: