[VIM] e107 Plugin my_gallery (image) Remote SQL Injection Vulnerability

George A. Theall theall at tenablesecurity.com
Mon Sep 22 16:01:19 UTC 2008

Milw0rm 6516 claims to be in a plugin named "My_Gallery" . This  
appears to be wrong. The affected file isn't in the distribution  
package that I downloaded, either for version 1.9.2 which is what the  
link in the advisory points to or version 2.3, which I downloaded  
several months ago.

Instead, it looks like it's Akira Powered's "Image Gallery", from <http://www.akirapowered.org/download.php?view.73 
 >.  Version, which is what's currently available (you need to  
register first), is definitely vulnerable. The problem is in  
'showBreadcrumb()' in 'functions.php' -- the second query fails to  
sanitize input to the 'image' parameter.

theall at tenablesecurity.com

More information about the VIM mailing list