SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php.
Software | From | Fixed in |
---|---|---|
snipegallery / snipe_gallery | - | 3.1.4.x |