CVE-2008-5037 – Elkagroup Image Gallery 1.0 - 'view.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5037
SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter. Vulnerabilidad de inyección SQL en view.php en ElkaGroup Image Gallery v1.0 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "cid". • https://www.exploit-db.com/exploits/32542 http://packetstorm.linuxsecurity.com/0810-exploits/elkagroup-sql.txt http://secunia.com/advisories/25844 http://www.securityfocus.com/bid/31966 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2007-3461 – Elkagroup Image Gallery 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2007-3461
SQL injection vulnerability in property.php in elkagroup Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter. Vulnerabilidad de inyección SQL en property.php en elkagroup Image Gallery 1.0 permite a atacantes remotos ejecutar comandos SQl de su elección a travé del parámetro pid. • https://www.exploit-db.com/exploits/4114 http://osvdb.org/36294 http://secunia.com/advisories/25844 http://www.securityfocus.com/bid/24666 https://exchange.xforce.ibmcloud.com/vulnerabilities/35090 •