3 matches found
CVE-2007-3411
SQL injection vulnerability in editimage.asp in ClickGallery Server 5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter...
SQL injection
CVE-2007-3412
The CVE-2007-3412 entry describes a cross-site scripting (XSS) vulnerability in ClickGallery Server 5.1 and earlier, exposed via the from parameter of edit_image.asp. The affected component is the server-side edit_image.asp handling input parameters, with the root cause being insufficient sanitiz...