CVE-2008-5641

Description

SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Affected products

• activewebsoftwares / active_photo_gallery6.2 – 6.2

References

• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2008/3297
• VENDOR_ADVISORYhttp://secunia.com/advisories/32901
• EXPLOIThttps://www.exploit-db.com/exploits/7299
• MISChttp://securityreason.com/securityalert/4767