Security Advisory

CVE-2019-25522

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-12 15:36:54

Last updated 2026-03-12 16:43:33

Assigner VulnCheck

State PUBLISHED

Description

XooGallery Latest contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to manipulate database queries by injecting SQL code through the photo_id parameter. Attackers can send GET requests to photo.php with malicious photo_id values to extract sensitive data, bypass authentication, or modify database contents.

← Browse all CVEs View on cve.org ↗