Description
SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Robert Cooper · textwebappsphp
https://www.exploit-db.com/exploits/18352
References (3)
Core 3
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18352
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/82543
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51394
Scores
EPSS
0.0093
EPSS Percentile
76.1%
Details
CWE
CWE-89
Status
published
Products (2)
yabsoft/advanced_image_hosting_script
yabsoft/advanced_image_hosting_script
2.3
Published
Nov 26, 2012
Tracked Since
Feb 18, 2026