4 matches found
CVE-2019-25522
CVE-2019-25522 affects XooGallery Latest, where the vulnerability is an unauthenticated SQL injection in the photo_id parameter passed to photo.php. The root cause is unsafely constructed SQL queries via the photo_id input, enabling attackers to manipulate database queries and potentially extract...
CVE-2019-25523
CVE-2019-25523 affects XooGallery Latest. The issue is an SQL injection in the cat_id parameter passed to cat.php, allowing unauthenticated attackers to influence database queries (bypass auth, extract/modify data) via GET requests. Root cause is unsanitized user input in SQL queries. The connect...
CVE-2019-25524
CVE-2019-25524 affects XooGallery Latest and is caused by an SQL injection in the p parameter to results.php. The vulnerability allows unauthenticated attackers to manipulate database queries, potentially bypassing authentication, extracting sensitive data, or modifying data. Exploitation details...
CVE-2019-25521
Summary: CVE-2019-25521 is an SQL injection vulnerability in the XooGallery Latest component that allows unauthenticated attackers to manipulate database queries via the gal_id parameter in gal.php. The issue is triggered by crafting malicious gal_id values in GET requests to extract sensitive da...