XooGallery SQL Injection Vulnerability
Vulnerability
Multiple SQL injection vulnerabilities have been identified in XooGallery Latest. They allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter. Exploitation involves sending GET requests to photo.php with malicious photo_id values, which can lead to extraction of sensitive data, authentication bypass, or modification of database contents.
Impact
Successful exploitation lets attackers manipulate the database queries the application issues. This could result in unauthorized data access, data modification, or, in some cases, execution of administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a GET request to photo.php with a crafted photo_id parameter that includes SQL injection payloads. The injected SQL code can manipulate the database query, potentially leading to unauthorized data access or modification.
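The defensive counterpart to the request described above, as an added example that is not XooGallery's own code: a photo lookup that validates photo_id as a positive integer and passes it to the database as a bound parameter. It assumes PHP 8 with the pdo_sqlite extension; the photos table, its columns and the function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the gallery database (constructed sample data).
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE photos (id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO photos (id, title) VALUES (1, 'Harbour'), (2, 'Ridge')");
    return $pdo;
}

// Unsafe pattern of the kind the advisory describes, shown only as a comment:
//   $sql = "SELECT ... WHERE id = " . $_GET['photo_id'];
// There the request value becomes part of the SQL text itself.

// Hardened lookup: strict integer validation, then a bound parameter.
function find_photo(PDO $pdo, mixed $rawPhotoId): ?array
{
    $id = filter_var($rawPhotoId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject anything that is not a positive integer
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT id, title FROM photos WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid id, an unknown id, a non-integer string, an array.
$pdo = open_demo_db();
foreach (['2', '99', '2 trailing text', ['2']] as $candidate) {
    $row = find_photo($pdo, $candidate);
    echo json_encode($candidate), ' => ', $row ? $row['title'] : 'rejected or not found', PHP_EOL;
}
```

In a real handler the value would come from `$_GET['photo_id']`; the bound parameter is the control that matters, and the integer check is defence in depth that also yields a clean rejection for malformed requests.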
