Dylan
Former Developer
Hi all,
We found a potential SQL Injection exploit in the search feature of the lite and pro versions of Dragonbyte Gallery 1.2.4.
You can either redownload the package and upload the dbtech/gallery/modules/gallery/actions/search.php file from the upload folder, or you can apply manual edits.
To manually fix the problem, open dbtech/gallery/modules/gallery/actions/search.php
Find
PHP:
$boolean_query .= '+' . $query_array[$n] . '* ';
and replace with
PHP:
$boolean_query .= '+' . $vbulletin->db->escape_string($query_array[$n]) . '* ';
Sorry for the inconvenience, and thank you for your continued support.
Discuss this news here.
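Why the one-line edit above matters, as an added example that is not part of the original post or of Dragonbyte Gallery's code: it builds the search string with and without escaping and checks whether the SQL string literal still ends where intended. Assumptions: `escape_standin()` is a constructed substitute for `$vbulletin->db->escape_string()` that ignores the connection character set, and the `MATCH ... AGAINST` statement, table and column names are hypothetical.

```php
<?php
// Added illustration; not Dragonbyte Gallery or vBulletin code.

// Constructed stand-in for $vbulletin->db->escape_string(): escapes the
// characters MySQL string escaping covers, without needing a DB connection.
function escape_standin(string $s): string
{
    return strtr($s, [
        "\\" => "\\\\", "'" => "\\'", '"' => '\\"',
        "\0" => "\\0", "\n" => "\\n", "\r" => "\\r", "\x1a" => "\\Z",
    ]);
}

// Same concatenation as the patched line; passing null reproduces the old code.
function build_boolean_query(array $query_array, ?callable $escape): string
{
    $boolean_query = '';
    for ($n = 0; $n < count($query_array); $n++) {
        $term = $escape ? $escape($query_array[$n]) : $query_array[$n];
        $boolean_query .= '+' . $term . '* ';
    }
    return $boolean_query;
}

// Assumed surrounding statement (hypothetical table and column names).
function build_sql(string $boolean_query): string
{
    return "SELECT imageid FROM gallery_images WHERE MATCH(title) AGAINST ('"
        . $boolean_query . "' IN BOOLEAN MODE)";
}

// Return whatever follows the first single-quoted literal, honouring
// backslash escapes and doubled quotes the way the SQL parser would.
function tail_after_literal(string $sql): string
{
    $len = strlen($sql);
    for ($i = strpos($sql, "'") + 1; $i < $len; $i++) {
        if ($sql[$i] === '\\') { $i++; continue; }            // escaped char
        if ($sql[$i] !== "'") { continue; }
        if ($i + 1 < $len && $sql[$i + 1] === "'") { $i++; continue; }
        return substr($sql, $i + 1);                          // literal closed
    }
    return '';                                                // unterminated
}

$terms = ['sunset', "o'brien"]; // constructed input: an apostrophe is enough
foreach (['unpatched' => null, 'patched' => 'escape_standin'] as $label => $esc) {
    $sql = build_sql(build_boolean_query($terms, $esc));
    $ok  = tail_after_literal($sql) === ' IN BOOLEAN MODE)';
    echo $label, ': ', $sql, "\n  literal ", $ok ? 'intact' : 'ends early', "\n";
}
```

The same tail check can be used as a regression test on any code path that concatenates request data into a quoted SQL literal.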