1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Home
  2. Security
  3. Security Lab
  4. Latest Threats
  5. Vulnerability Descriptions
  6. SA200900204

Pixel8 Web Photo Album "AlbumID" SQL Injection Vulnerability

Report ID: SA200900204
Source: Unknown
Date of Discovery: 06.01.2009
Criticality: Moderate
Affects:
Pixel8 Web Photo Album 3.x
Compromise From: From remote
Compromise Type: Manipulation of data

Summary

A vulnerability in Pixel8 Web Photo Album, which can be exploited by malicious people to conduct SQL injection attacks.

Detailed Description

Input passed to the "AlbumID" parameter in Photo.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 3.0. Other versions may also be affected.

Solution

Edit the source code to ensure that input is properly sanitised.