CVE-2017-20249
Description
Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive database information including user credentials and authentication hashes.
Affected products
3 entries; version range = 1.0 (+ 1 more)
- (no CPE) range: = 1.0
- (no CPE) range: = 1.0
- Range: = 1.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"The application does not properly sanitize user-supplied input in the 'albid' parameter, allowing for SQL injection."
Attack vector
An unauthenticated attacker can exploit this vulnerability by sending a crafted GET request to the affected endpoint. The malicious payload is injected through the 'albid' parameter, which is not properly sanitized before being used in a SQL query. This allows the attacker to execute arbitrary SQL commands, potentially leading to data exfiltration [ref_id=1].
Affected code
The vulnerability lies within the Apptha Slider Gallery plugin, specifically in how it handles the 'albid' parameter. The provided exploit example demonstrates injecting SQL code directly into the URL: `http://localhost/[PATH]/?albid=[SQL]` [ref_id=1].
What the fix does
The patch addresses the SQL injection vulnerability by implementing proper input sanitization for the 'albid' parameter. This ensures that any special characters or SQL commands within the parameter are neutralized, preventing them from being interpreted as executable SQL code. By validating and cleaning the input, the application can safely process requests without risking database compromise.
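The validation described above can be applied both at the input boundary and when reviewing access logs. The following is an added example, not the plugin's code or its patch. It assumes that `albid` is a numeric album ID and that logs use the combined access-log format; the `/gallery/` path, the IP addresses and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: albid is a numeric album ID, so only 1-10 ASCII digits are accepted.
ALBID_RE = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP ranges, hypothetical path).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /gallery/?albid=4&pid=6 HTTP/1.1" 200 5120',
    '198.51.100.23 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /gallery/?albid=-3+/*!50000union*/+select+1,2&pid=6 HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /gallery/?pid=6 HTTP/1.1" 200 4096',
]


def parse_albid(raw):
    """Return albid as int, or None if it is not a plain non-negative integer.

    fullmatch() rejects signs, whitespace, comments, trailing newlines and
    non-ASCII digits. The returned int should still be passed to the database
    as a bound parameter, never concatenated into the SQL text.
    """
    if raw is None or not ALBID_RE.fullmatch(raw):
        return None
    return int(raw)


def suspicious_requests(log_lines):
    """Return (client_ip, decoded_albid) for requests whose albid fails validation."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
        for raw in query.get("albid", []):
            if parse_albid(raw) is None:
                hits.append((line.split(" ", 1)[0], raw))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric albid: {value!r}")
```

Requests that omit `albid` are not flagged; only values that are present and fail the allow-list are reported.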
Preconditions
- auth: The attacker does not require any authentication.
- network: The attacker can reach the vulnerable endpoint over the network.
- input: The 'albid' parameter is vulnerable to SQL injection.
Reproduction
http://localhost/[PATH]/?albid=-3+/*!50000union*/+select+1,2,3,4,5,0x496873616e2053656e63616e20207777772e696873616e2e6e6574,concat(user_login,0x3a,user_pass),8,9,10,11,12,13,14+from+pleasant_users--+-&pid=6 [ref_id=1]
Generated on Jun 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References (3)
News mentions (0)
No linked articles in our index yet.