SGallery Idimage SQL Injection Network Vulnerability

Summary

The remote host is running SGallery, a module for PHP-Nuke. A critical SQL injection in the remote version of this module has been found, this vulnerability allows a remote attacker via the 'idimage' variable to inject arbitrary SQL statements in the remote SQL database.

Solution

Upgrade to the latest version of this software.

Severity

Classification

CVE CVE-2005-0377

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

AWStats Totals 'sort' Parameter Remote Command Execution Vulnerabilities
AWStats configdir parameter arbitrary cmd exec
Allegro RomPager `Misfortune Cookie` Vulnerability
Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
Apache Tomcat AJP Protocol Security Bypass Vulnerability

SGallery idimage SQL Injection

Take action and discover your vulnerabilities