Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp, (b) thumb.asp, and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.
References
Configurations
History
No history.
Information
Published : 2008-01-15 20:00
Updated : 2024-02-28 11:01
NVD link : CVE-2008-0256
Mitre link : CVE-2008-0256
CVE.ORG link : CVE-2008-0256
JSON object : View
Products Affected
matteo_binda
- asp_photo_gallery
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')