Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-220: PHP-Nuke My_eGallery Module 'gid' Parameter Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-220: PHP-Nuke My_eGallery Module 'gid' Parameter Vulnerability
# 1  
Old 03-04-2008
S-220: PHP-Nuke My_eGallery Module 'gid' Parameter Vulnerability
The 'My_eGallery' module for PHP-Nuke is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. The risk is LOW. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

5 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

XSS vulnerability found via injection in the parameter address

Mods please move if posted in wrong section, I wasnt sure where to ask this one. There are several of us that use an open source program called yiimp, https://github.com/tpruvot/yiimp several of our sites were attacked last night and I am reaching out to you guys to see if then vulnerability... (0 Replies)
Discussion started by: crombiecrunch
0 Replies

2. Solaris

Installing ZIP module for PHP

Hi Guys, I am using SOLARIS 10 and I want to install ZIP module for PHP. I went to this link http://pecl.php.net/package/zip and I choose zip-1.12.3.tgz, the latest "stable" release, and then transferred it to my server. Then I went to my path /usr/local/apache2/conf then untar the... (1 Reply)
Discussion started by: Phuti
1 Replies

3. UNIX for Dummies Questions & Answers

How do I list kernel module parameter values?

Hi, I have problem with parameter configuration. My question is after the configuration, how to check if successfully change the value or not? I saw someone has the same question, and followed his steps. Original thread:... (3 Replies)
Discussion started by: skybb
3 Replies

4. Solaris

ufsrestore and Exayte 220

I have a set of tapes that contain a full system backup done with 'ufsdump' on an Exabyte 220. I don't know how many tapes the backup spans, but I'd guess at least 3-4 tapes (the set is 20, but some of that is subsequent incremental backups). I used 'ufsrestore ilv' and was able to traverse at... (0 Replies)
Discussion started by: wilbur
0 Replies

5. UNIX for Dummies Questions & Answers

PHP Module

Ok..i've installed Apache 1.3.14, and it runs... BUT...I can't figure out how to get the php-4.0.4 module to run, and i've read through the install file and EVERYTYHING, aafter about 10 attempts I pissed myself off enough to goto sleep...Can anyone suggest a place to look for a lil bit more help?... (10 Replies)
Discussion started by: ComTec
10 Replies
Login or Register to Ask a Question

LEARN ABOUT PHP

ingres_prepare

INGRES_PREPARE(3)							 1							 INGRES_PREPARE(3)

ingres_prepare - Prepare a query for later execution

SYNOPSIS

       mixed ingres_prepare (resource  $link, string  $query)

DESCRIPTION

	Prepares a query for execution by ingres_execute(3).

	The  query  becomes  part  of the currently open transaction. If there is no open transaction, ingres_query(3) opens a new transaction. To
       close the transaction, you can call either ingres_commit(3) to commit the changes made to the  database	or  ingres_rollback(3)	to  cancel
       these  changes. When the script ends, any open transaction is rolled back (by calling ingres_rollback(3)). You can also use ingres_autocom-
       mit(3) before opening a new transaction to have every SQL query immediately committed.

       Note

	      Related Configurations

	       See also the ingres.describe, ingres.scrollable and ingres.utf8 directives in Runtime Configuration.

PARAMETERS

	      o $link
		- The connection link identifier

	      o $query
		- A valid SQL query (see the Ingres SQL reference guide) in the Ingres documentation. See the query parameter  in  ingres_query(3)
		for a list of SQL statements which cannot be executed using ingres_prepare(3)

RETURN VALUES

       ingres_prepare(3)  returns a query result identifier that is used with ingres_execute(3) to execute the query. To see if an error occurred,
       use ingres_errno(3), ingres_error(3), or ingres_errsqlstate(3).

SEE ALSO

       ingres_unbuffered_query(3), ingres_fetch_array(3), ingres_fetch_assoc(3),  ingres_fetch_object(3),  ingres_fetch_row(3),  ingres_commit(3),
       ingres_rollback(3), ingres_autocommit(3), ingres_set_environment(3), ingres_errno(3), ingres_error(3).

PHP Documentation Group 													 INGRES_PREPARE(3)