CVE-2012-2338

Galette 0.63 through 0.64rc1 - SQL Injection in picture.php (id_adh parameter)

Description

SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php.
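The flaw class behind this entry is CWE-89: an integer-looking request parameter (id_adh) is concatenated into a SQL statement instead of being validated and bound. The following is an added example, not code from Galette or the Exploit-DB entry, that models the pattern in Python against an in-memory SQLite table so the effect can be run offline. The table name, columns and sample rows are assumptions for illustration; the vulnerable and hardened lookups are shown side by side, and a small access-log check flags picture.php requests whose id_adh is anything but a bare integer.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit


# Constructed stand-in for a member table; the schema is an assumption,
# not Galette's own.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE adherents (id_adh INTEGER PRIMARY KEY, nom TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO adherents VALUES (?, ?, ?)",
        [(1, "alice", "alice-token"), (2, "bob", "bob-token")],
    )
    return conn


def vulnerable_lookup(conn, id_adh):
    """Models the CWE-89 pattern: the untrusted id_adh value is concatenated
    straight into the statement, so its content becomes SQL syntax."""
    sql = "SELECT id_adh, nom FROM adherents WHERE id_adh=" + id_adh
    return conn.execute(sql).fetchall()


ID_ADH_RE = re.compile(r"[0-9]{1,10}")


def hardened_lookup(conn, id_adh):
    """Hardened form: allow-list the value as a plain integer and bind it as
    a parameter so the database never parses it as SQL."""
    if not ID_ADH_RE.fullmatch(id_adh):
        raise ValueError("id_adh must be a positive integer")
    sql = "SELECT id_adh, nom FROM adherents WHERE id_adh=?"
    return conn.execute(sql, (int(id_adh),)).fetchall()


def id_adh_from_request_line(request_line):
    """Extract the raw (URL-decoded) id_adh value from an HTTP request line
    such as 'GET /picture.php?id_adh=42 HTTP/1.1'; None when the request is
    not for picture.php or carries no id_adh."""
    parts = request_line.split()
    if len(parts) < 2:
        return None
    url = urlsplit(parts[1])
    if not url.path.endswith("/picture.php"):
        return None
    values = parse_qs(url.query).get("id_adh")
    return values[0] if values else None


def flag_suspicious_requests(log_lines):
    """Return (line, decoded_value) for every combined-format access-log line
    whose picture.php id_adh parameter is anything other than a bare integer."""
    flagged = []
    for line in log_lines:
        fields = line.split('"')  # request line sits between the first quotes
        if len(fields) < 2:
            continue
        value = id_adh_from_request_line(fields[1])
        if value is not None and not ID_ADH_RE.fullmatch(value):
            flagged.append((line, value))
    return flagged


# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/May/2012:10:00:01 +0000] "GET /galette/picture.php?id_adh=42 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/May/2012:10:00:02 +0000] "GET /galette/picture.php?id_adh=42%20OR%201%3D1 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/May/2012:10:00:03 +0000] "GET /galette/index.php HTTP/1.1" 200 800',
]


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_lookup(db, "1"))
    print(vulnerable_lookup(db, "1 OR 1=1"))
    print(vulnerable_lookup(db, "0 UNION SELECT id_adh, secret FROM adherents"))
    print(hardened_lookup(db, "1"))
    try:
        hardened_lookup(db, "1 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
    for line, value in flag_suspicious_requests(SAMPLE_LOG):
        print("suspicious id_adh:", repr(value))
```

The vulnerable lookup returns every member for `1 OR 1=1` and leaks the `secret` column through a UNION, which is exactly the exposure the description summarises as "execute arbitrary SQL commands". The hardened lookup rejects both payloads before the database sees them; the regex allow-list is the cheap first line, the bound parameter is the one that actually removes the bug. The log check is a triage aid for the same parameter, not a replacement for the fix.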

Exploits (1)

Exploit-DB 18875 (verified, working PoC) by sbz, type webapps, platform PHP
https://www.exploit-db.com/exploits/18875

References (5)

Mailing list (oss-security, 2012-05-11): http://www.openwall.com/lists/oss-security/2012/05/11/1
SecurityFocus BID 53463 (exploit): http://www.securityfocus.com/bid/53463
Mailing list (oss-security, 2012-05-10): http://www.openwall.com/lists/oss-security/2012/05/10/5
Upstream bug tracker, issue 250 (exploit): http://redmine.ulysses.fr/issues/250

Scores

EPSS 0.0017 (37.7th percentile)

Details

CWE
CWE-89
Status published
Products (4)
johan_cwiklinski/galette 0.63 (2 CPE variants)
johan_cwiklinski/galette 0.63.1
johan_cwiklinski/galette 0.63.2
johan_cwiklinski/galette 0.63.3
Published May 21, 2012
Tracked Since Feb 18, 2026