J-Security Center

Title: SGallery Module For PHPNuke SQL Injection Vulnerability

Severity: HIGH

Description:

SGallery is a module for PHPNuke. It provides a Web-based JPG image gallery.

SGallery is reported prone to SQL injection attacks. The vulnerability exists in the 'imageview.php' script. Input supplied through the 'idalbum' and 'idimage' URI parameters is used in a database query without sufficient sanitization. This may permit remote attackers to influence the logic and structure of database queries.

An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.

SGallery 1.01 is reported vulnerable to this issue.
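
The following is an added example for defenders, not part of the original advisory or of SGallery: it scans web server access-log lines for requests to 'imageview.php' whose 'idalbum' or 'idimage' value is not a plain integer. It assumes both parameters are numeric IDs and that logs use the common/combined format; the sample lines, hosts and paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters named in the advisory; treating them as numeric IDs is an assumption.
WATCHED = ("idalbum", "idimage")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(log_line):
    """Return {param: [bad values]} for a request to imageview.php, else {}."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return {}
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/imageview.php"):
        return {}
    # parse_qs URL-decodes values and keeps every occurrence of a repeated key,
    # so a second, malformed copy of a parameter is not hidden by a clean first one.
    query = parse_qs(url.query, keep_blank_values=True)
    findings = {}
    for name in WATCHED:
        bad = [v for v in query.get(name, []) if not re.fullmatch(r"[0-9]{1,10}", v)]
        if bad:
            findings[name] = bad
    return findings


# Constructed sample access-log lines (hosts, paths and values are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /modules/SGallery/imageview.php?idalbum=3&idimage=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2005:10:00:05 +0000] "GET /modules/SGallery/imageview.php?idalbum=3%27&idimage=12 HTTP/1.1" 200 310',
    '192.0.2.44 - - [01/Jan/2005:10:00:09 +0000] "GET /modules/SGallery/imageview.php?idalbum=3&idimage=12&idimage=12%20x HTTP/1.1" 200 298',
    '192.0.2.10 - - [01/Jan/2005:10:00:11 +0000] "GET /index.php?idalbum=x HTTP/1.1" 200 900',
]


def scan(lines):
    """Return (line_number, findings) for every flagged line."""
    return [(i, f) for i, line in enumerate(lines, 1) if (f := suspicious_params(line))]


if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG):
        print(lineno, findings)
```

The same integer-only rule is the natural server-side check for these two parameters before they reach a database query.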

Affected Products:

  • SGallery SGallery 1.0.0 1
