1 results (0.002 seconds)

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 4

SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter. Vulnerabilidad de inyección SQL en infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php del módulo MG User-Fotoalbum (mg_user_fotoalbum_panel) v1.0.1 para PHP-Fusion, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "album_id". • https://www.exploit-db.com/exploits/15227 http://packetstormsecurity.org/1010-exploits/phpfusionmguser-sql.txt http://secunia.com/advisories/41752 http://securityreason.com/securityalert/8219 http://www.exploit-db.com/exploits/15227 http://www.securityfocus.com/bid/43901 https://exchange.xforce.ibmcloud.com/vulnerabilities/62382 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •