XooGallery SQL Injection Vulnerability in cat.php
Vulnerability
A SQL injection vulnerability has been identified in XooGallery Latest, allowing unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. This vulnerability is present in versions of XooGallery through the latest release. Attackers can send GET requests to cat.php with malicious cat_id values to bypass authentication, extract sensitive data, or modify database contents.
Impact
Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries. This could lead to unauthorized data access, data modification, or in some cases, executing administrative operations on the database.
Reproduction
To reproduce this vulnerability, send a GET request to cat.php with a crafted cat_id parameter that includes SQL injection payloads. The injected SQL code can be used to manipulate the database query, potentially bypassing authentication or accessing sensitive data.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.