|
Description
|
|
Corrado Liotta has discovered a vulnerability in YVS Image Gallery, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "album_id" parameter to view_album.php is not properly sanitised in gallery_pages/view_album.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
|
