CVE-2008-0256 Information

Description

Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo Gallery 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) Imgbig.asp (b) thumb.asp and (c) thumbricerca.asp and the (2) ricerca parameter to (d) thumbricerca.asp.

Reference

http://secunia.com/advisories/28447 http://www.securityfocus.com/bid/27262 https://exchange.xforce.ibmcloud.com/vulnerabilities/39646 https://www.exploit-db.com/exploits/4900