Primary

Context

XooGallery SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in XooGallery Latest, allowing unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. This vulnerability is present in all versions of XooGallery Latest. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data, or modify database contents.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries to extract, modify, or delete database information. This could lead to unauthorized data access or modification.

Reproduction

To reproduce this vulnerability, send a GET request to results.php with a crafted 'p' parameter that includes SQL injection payloads. The injected SQL code can manipulate the database query, potentially bypassing authentication or accessing sensitive data.

Added: Mar 12, 2026, 4:27 PM

Updated: Mar 12, 2026, 4:27 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

3.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

8.7

remediation

0.0

relevance

3.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

XooGallery SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating