News
December 20, 2007
Plogger SQL Injection Vulnerability released by MWR InfoSecurity
An SQL injection vulnerability was identified in Plogger, a popular open source PHP photo gallery.
CPNI (The Centre for the Protection of National Infrastructure) have been informed. The vendor has also been informed and has released a code fix which is available from change set 489. The vulnerability would enable an attacker to inject arbitrary SQL statements. SQL injection inference techniques were used to develop a proof of concept exploit that could be used to access any field from the Plogger database (and potentially any field of any database accessible by the database user Plogger is configured to use).
The advisory can be viewed here.