RTWebalbum SQL Injection Vulnerability Network Vulnerability

Summary

This host is running RTWebalbum and is prone to SQL Injection vulnerability.

Impact

Successful exploitation will allow attacker to manipulate SQL queries by injecting arbitrary SQL code. Impact Level: Application

Solution

Upgrade to RTWebalbum version 1.0.574 or Apply SVN Repositories http://sourceforge.net/projects/rtwebalbum http://rtwebalbum.svn.sourceforge.net/viewvc/rtwebalbum/index.php?view=log

Insight

Input passed to the 'AlbumId' parameter in index.php is not properly sanitised before being used in SQL queries

Affected

RTWebalbum versions prior to 1.0.574

References

http://rtwebalbum.svn.sourceforge.net/viewvc/rtwebalbum
http://secunia.com/advisories/35022
http://xforce.iss.net/xforce/xfdb/50406

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1910

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Components (CFC) Denial Of Service Vulnerability
Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
AdPeeps 'index.php' Multiple Vulnerabilities.
AWStats configdir parameter arbitrary cmd exec
68designs 68kb Multiple Remote File Include Vulnerabilities

Take action and discover your vulnerabilities