MidnightBSD

Advisories for johan_cwiklinski

CVE-2012-2338 HIGH

SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89

Products Affected

Vendor             Product   Version
johan_cwiklinski   galette   0.63.2
johan_cwiklinski   galette   0.63.3
johan_cwiklinski   galette   0.63
johan_cwiklinski   galette   0.63.1