Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.
References
Configurations
Information
Published : 2008-01-15 12:00
Updated : 2017-09-28 18:30
NVD link : CVE-2008-0256
Mitre link : CVE-2008-0256
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
matteo_binda
- asp_photo_gallery