admin
06-03-2005, 01:13 PM
Exhibit Engine
http://photography-on-the.net/ee/
06-03-2005
Description:
sk0L has reported a vulnerability in Exhibit Engine, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "search_row", "sort_row", "order" and "perpage" parameters in "list.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability has been reported in versions 1.22 and 1.54 RC4. Other versions may also be affected.
Solution:
The vulnerability has been fixed in a patch for version 1.5RC4.
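An added example, not taken from the advisory or from Exhibit Engine's code: one way to handle the four parameters named above so that none of them reaches the query text unchecked. It assumes they select a search column, a sort column, a sort direction and a page size (the advisory does not show the query); the `photos` table, its column names, the `search` parameter and the function names are hypothetical.

```php
<?php
// Hypothetical schema: these are NOT Exhibit Engine's real column names.
const SEARCH_COLUMNS = ['title', 'caption', 'keywords'];
const SORT_COLUMNS   = ['title', 'taken_on', 'views'];
const MAX_PER_PAGE   = 100;

// Return $value only if it is a string on the allow-list, else the default.
function pick(array $allowed, $value, string $default): string
{
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : $default;
}

// Build the listing query from request parameters named as in the advisory.
function build_list_query(array $req): array
{
    // Column names and ASC/DESC cannot be bound as placeholders, so they
    // are chosen from fixed lists instead of being escaped or filtered.
    $searchCol = pick(SEARCH_COLUMNS, $req['search_row'] ?? null, 'title');
    $sortCol   = pick(SORT_COLUMNS, $req['sort_row'] ?? null, 'taken_on');
    $rawOrder  = $req['order'] ?? '';
    $order     = pick(['ASC', 'DESC'], is_string($rawOrder) ? strtoupper($rawOrder) : '', 'ASC');

    // The page size must parse as an integer inside a fixed range.
    $perPage = filter_var($req['perpage'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => MAX_PER_PAGE]]);
    if ($perPage === false) {
        $perPage = 20;
    }

    // Only allow-listed identifiers and a validated integer are interpolated;
    // the free-text search term (hypothetical 'search' parameter) is bound.
    $sql = "SELECT id, title FROM photos WHERE $searchCol LIKE :term "
         . "ORDER BY $sortCol $order LIMIT $perPage";
    $term = is_string($req['search'] ?? null) ? $req['search'] : '';
    return [$sql, [':term' => '%' . $term . '%']];
}

// Constructed request: values outside the allow-lists fall back to defaults.
[$sql, $params] = build_list_query([
    'search_row' => 'title', 'sort_row' => 'no_such_column', 'order' => 'desc',
    'perpage' => 'ten', 'search' => "o'brien",
]);
echo $sql, PHP_EOL;
print_r($params);
```

The returned pair is meant to be passed to `PDO::prepare()` and `PDOStatement::execute()`, so the search term travels as bound data rather than as query text.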