Metric | Value |
---|---|
AI Score | 9.3 High |
Confidence | Low |
CVSS2 | 6.8 Medium |
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS | 0.023 Low |
Percentile | 89.6% |

SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php. NOTE: this issue could produce resultant XSS.
CPE | Name | Operator | Version |
---|---|---|---|
verosky_media:instant_photo_gallery | verosky media instant photo gallery | eq | 1.0.2 |
attrition.org/pipermail/vim/2006-April/000733.html
secunia.com/advisories/19813
securityreason.com/securityalert/803
www.osvdb.org/24986
www.osvdb.org/24987
www.securityfocus.com/archive/1/432024/100/0/threaded
www.securityfocus.com/archive/1/432241/100/0/threaded
www.securityfocus.com/bid/17696
www.vupen.com/english/advisories/2006/1533