SelectaPix.SQL.Injection

Description

Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php.

Affected Products

SelectaPix version 1.31 and prior.

Impact

Arbitrary SQL command execution.

Recommended Actions

Upgrade to the latest version of SelectaPix.

Coverage

IPS (Regular DB)
IPS (Extended DB)