SQL Injection Vulnerability in Simple Image Gallery System by M4sk0ff
CVE-2021-38819

8.8HIGH

Key Information:

Vendor: Simple Image Gallery Web App Project
Status: Simple Image Gallery Web App
Vendor: CVE Published:; 17 November 2022

🔔 Create Simple Image Gallery Web App Project Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2021-38819?

A SQL injection vulnerability exists in the Simple Image Gallery System version 1.0, where an attacker can manipulate the 'id' parameter on the album page. This flaw allows unauthorized access to the database, potentially leading to data leakage and unauthorized changes. It is crucial for administrators using this application to apply necessary patches and implement security measures to safeguard against such vulnerabilities.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2021-38819
Created by m4sk0ff

References

https://github.com/m4sk0ff/CVE-2021-38819/blob/main/CVE-2...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2022
🟡
Public PoC available
Nov 8, 2022
👾
Exploit known to exist
Nov 8, 2022
Vulnerability Reserved
Aug 16, 2021