ThreatPress

WordPress Vulnerabilities Database

WordPress Photoracer Plugin 1.0 - SQL Injection Vulnerability

Product
Photoracer
Description
A SQL injection vulnerability exists in viewimg.php at line 16. It allows an attacker to execute arbitrary SQL commands against the database via the 'imgid' parameter.
Solution
Update the plugin.
Classification
Type: SQL Injection
OWASP Top 10: A1: Injection
References
Exploit-DB
CVE
Name: CVE-2009-2122
Versions
Affected In: <= 1.0
Fixed In: 1.1
Disclosure date
2009-06-15
Credits
Kacper