ISS X-Force Database: instantphotogallery-multiple-sql-injection(23350): Instant Photo Gallery multiple scripts allow SQL injection

Instant Photo Gallery multiple scripts allow SQL injection

instantphotogallery-multiple-sql-injection (23350)

Medium Risk

Description:

Instant Photo Gallery is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the portfolio.php script using the cat_id parameter or to the content.php script using the cid parameter to add, modify, or delete data from the database.

Consequences:

Data Manipulation

Remedy:

Upgrade to the latest version of Instant Photo Gallery (version 1.0.2) or apply the patch, available from the Instant Photo Gallery Web site. See References.

References:

Instant Photo Gallery Web site: Instant Photo Gallery - Home.
UNSECURED SYSTEMS: Instant Photo Gallery SQL inj. vuln..
BID-15659: Instant Photo Gallery Multiple SQL Injection Vulnerabilities
BID-17696: Instant Photo Gallery Multiple Cross-Site Scripting Vulnerabilities
CVE-2005-3986: Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php.
CVE-2006-2080: SQL injection vulnerability in portfolio_photo_popup.php in Verosky Media Instant Photo Gallery 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, which is not cleansed before calling the count_click function in includes/functions/fns_std.php. NOTE: this issue could produce resultant XSS.
OSVDB ID: 21334: Instant Photo Gallery portfolio.php cat_id Variable SQL Injection
OSVDB ID: 21335: Instant Photo Gallery content.php cid Variable SQL Injection
OSVDB ID: 24986: Instant Photo Gallery portfolio_photo_popup.php id Variable XSS
OSVDB ID: 24987: Instant Photo Gallery portfolio_photo_popup.php id Variable SQL Injection
SA17841: Instant Photo Gallery SQL Injection Vulnerabilities
SA19813: Instant Photo Gallery "id" SQL Injection Vulnerability
VUPEN/ADV-2005-2670: Instant Photo Gallery cat_id and cid SQL Injection Vulnerabilities
VUPEN/ADV-2006-1533: Instant Photo Gallery id Variable Handling Remote SQL Injection Vulnerability

Platforms Affected:

Instant Photo Gallery Instant Photo Gallery 1 and prior

Reported:

Nov 30, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page