CVE-2021-38819: An SQL injection vulnerability exists in the Simple Image Gallery System 1.0 application through the "id" parameter.

The application allows uploading media files through the "id" parameter, and the file name must be uploaded in the format "image_name.ext". On the album page, the vulnerable code is as follows:

<input type="hidden" name="id" value="">

The above input is a hidden input, which means you cannot see the input value when you submit the form. The issue occurs because of an insecure flow of data: the "id" parameter is not validated. An attacker can inject malicious code in the form and get the user's access.

A proof of concept is shown below. The file name must be "album-with-injection.ext" and the vulnerable code is displayed above.

<input type="hidden" name="id" value="">

How to trigger the vulnerability?

- Uploading media files
- The album page
- <input type="hidden" name="id" value="">
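
The fix for an unvalidated hidden "id" field is server-side: parse the value as an integer and bind it as a query parameter. The following is an added example, not the application's own code; the `images` table, its columns, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE images (id INTEGER PRIMARY KEY, album_id INTEGER, name TEXT)")
    db.executemany(
        "INSERT INTO images (album_id, name) VALUES (?, ?)",
        [(1, "beach.jpg"), (1, "dunes.jpg"), (2, "private.jpg")],
    )
    return db

def images_unsafe(db, form):
    # 'Before' pattern: the hidden field's value is pasted into the SQL text,
    # so whatever the client sends becomes part of the statement.
    sql = "SELECT name FROM images WHERE album_id = " + form["id"] + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def parse_album_id(raw):
    # A hidden field is still client-controlled: accept only a short run of
    # ASCII digits and reject everything else before touching the database.
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("invalid album id")
    return int(raw)

def images_safe(db, form):
    # 'After' pattern: validate first, then pass the value as a bound
    # parameter so it can never alter the structure of the query.
    album_id = parse_album_id(form.get("id", ""))
    rows = db.execute(
        "SELECT name FROM images WHERE album_id = ? ORDER BY id", (album_id,)
    )
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    tampered = {"id": "1 OR 1=1"}  # constructed value for the hidden field
    print("unsafe:", images_unsafe(db, tampered))  # rows from every album
    try:
        images_safe(db, tampered)
    except ValueError as exc:
        print("safe: rejected,", exc)
    print("safe:", images_safe(db, {"id": "1"}))
```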
