2 matches found
CVE-2010-2141
CVE-2010-2141 affects the NITRO Web Gallery. The vulnerability is an SQL injection in index.php, exploitable via the PictureId parameter in an open action, allowing remote attackers to run arbitrary SQL commands. The issue is documented across multiple sources (NVD/NVD mirrors, CVE records, and a...
CVE-2008-2817
NiTrO Web Gallery 1.4.3 and earlier contains a SQL injection in albums.php (CatId parameter in a show action) that allows remote attackers to execute arbitrary SQL commands. The issue arises from inadequate sanitization of CatId, enabling potentially unauthorized data access or manipulation. No r...