CVE-2021-38819 An SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through the "id" parameter.

The application allows uploading media files through the "id" parameter and the file name must be uploaded with the following format "image_name.ext". In the album page, the vulnerable code is as follows:

input type="hidden" name="id" value=""> The above input is a hidden input, that means you cannot see the input value when you submit the form. The issue occurs due to insecure flow of data because of lack of validation of the "id" parameter. An attacker can inject malicious code in the form and get the user's access. A proof of concept is shown below. The file name must be "album-with-injection.ext" and the vulnerable code is displayed above. input type="hidden" name="id" value="">

How to trigger the vulnerability?

- Uploading media files
- The album page
- Input type="hidden" name="id" value="">

Timeline

Published on: 11/17/2022 00:15:00 UTC
Last modified on: 11/17/2022 23:26:00 UTC

References