Discovery is credited to Janek Vind <email@example.com>.
SGallery SGallery 1.0 1
SGallery is reported prone to SQL injection attacks. An attacker may leverage this issue to manipulate SQL query strings and potentially carry out arbitrary database queries. This may facilitate the disclosure or corruption of sensitive database information.
SGallery 1.01 is reported vulnerable to this issue.
An exploit is not required.
The following proof of concept example is available: http://www.example.com/nuke75/modules/Sgallery/imageview.php?idimage=-99/**/UNION/**/SELECT/**/pwd/**/FROM/**/nuke_authors/**/WHERE/**/radminsuper=1
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.