21 matches found
EUVD-2019-19802
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...
EUVD-2019-19804
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...
EUVD-2019-19806
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25524
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25524 XooGallery Lastest Latest SQL Injection via results.php
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25524
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'p' parameter. Attackers can send GET requests to results.php with malicious 'p' values to bypass authentication, extract sensitive data...
CVE-2019-25523 XooGallery Lastest Latest SQL Injection via cat.php
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the catid parameter. Attackers can send GET requests to cat.php with malicious catid values to bypass authentication, extract sensitive data...
CVE-2019-25522
The CVE-2019-25522 entry concerns XooGallery Latest with multiple SQL injection vulnerabilities exploitable via the photo_id parameter in photo.php. The root cause is unsanitized user input leading to SQL injection through a GET request, enabling unauthenticated attackers to manipulate queries. R...
CVE-2019-25522
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...
CVE-2019-25522 XooGallery Lastest Latest Multiple SQL Injections via photo.php
XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photoid parameter. Attackers can send GET requests to photo.php with malicious photoid values to extract sensitive data, bypass...
CVE-2019-25521
CVE-2019-25521 affects XooGallery Latest. The issue is an SQL injection in the gal_id parameter passed to gal.php, allowing unauthenticated attackers to manipulate database queries, extract sensitive information, or modify data. CVSS 3.1: 8.2 (High) with network access, no user interaction requir...
CVE-2019-25521 XooGallery Lastest Latest SQL Injection via gal.php gal_id
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the galid parameter. Attackers can send GET requests to gal.php with malicious galid values to extract sensitive database information or...
Xooscripts XooGallery SQL注入漏洞
Xooscripts XooGallery is a gallery management component developed by the Xooscripts company. Xooscripts XooGallery has a SQL injection vulnerability; this vulnerability stems from the p parameter being susceptible to SQL injections, which may allow unverified attackers to manipulate database...
Xooscripts XooGallery SQL注入漏洞
Xooscripts XooGallery is a gallery management component developed by the Xooscripts company. Xooscripts XooGallery has a SQL injection vulnerability. This vulnerability stems from the photoid parameter, which allows for SQL injections. It may allow unauthorized attackers to extract sensitive data...
Xooscripts XooGallery SQL注入漏洞
Xooscripts XooGallery is a gallery management component developed by the Xooscripts company. Xooscripts XooGallery has a SQL injection vulnerability, which stems from the SQL injection vulnerability present in the catid parameter. This vulnerability could allow unverified attackers to manipulate...
PT-2026-24983
XooGallery Latest contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat id parameter. Attackers can send GET requests to cat.php with malicious cat id values to bypass authentication, extract sensitive...
XooGallery SQL Injection
Exploit Title: XooGallery - Multiple SQL Injections Date: 26.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://xooscripts.com/product/html5-php-photo-gallery.html Demo Site: http://xooscripts.com/demos/xoogallery/ Version: Lastest Tested on: Kali Linux CVE: N/A ----- PoC 1: SQLi...
XooGallery - Multiple SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: XooGallery - Multiple SQL Injections Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://xooscripts.com/product/html5-php-photo-gallery.html Demo Site: http://xooscripts.com/demos/xoogallery/ Version: Lastest Tested on:...
XooGallery - Multiple SQL Injection
XooGallery - Multiple SQL Injection Exploit Title: XooGallery - Multiple SQL Injections Date: 26.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://xooscripts.com/product/html5-php-photo-gallery.html Demo Site: http://xooscripts.com/demos/xoogallery/ Version: Lastest Tested on: Ka...