osCommerce

The e-commerce.

paperjam

Archived
  • Posts

    1
  1. FYI: Photo Gallery for osCommerce is prone to an SQL Injection vulnerability in gallery_process.php.

     Hotfix: Edit gallery_process.php and change all occurrences of $_GET['cID'] to (int)$_GET['cID'] and all occurrences of $_GET['pID'] to (int)$_GET['pID'].

     Then, at the top of gallery_process.php, search for:

         require('includes/application_top.php');
         require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');

     and change to:

         require('includes/application_top.php');
         if (!tep_session_is_registered('customer_id')) {
           tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
         }
         require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');

     Micha
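A check that the hotfix above was applied completely, as an added example that is not part of the original post or of the Photo Gallery contribution: it lists every use of `$_GET['cID']` or `$_GET['pID']` that still lacks an `(int)` cast and reports whether the `customer_id` session guard is present. The function name `audit` and the two sample sources (including their table names and queries) are constructed for illustration.

```python
import re
import sys

# Parameters named in the post; the hotfix casts each one to int at every use.
PARAMS = ("cID", "pID")

# Matches $_GET['cID'] / $_GET["pID"]; group 1 is set only when an (int) cast
# sits directly in front of it. Any other sanitising is reported for review.
USE_RE = re.compile(
    r"(\(\s*int\s*\)\s*)?\$_GET\[\s*['\"](%s)['\"]\s*\]" % "|".join(PARAMS)
)
# The login guard the post adds below application_top.php (presence check only).
GUARD_RE = re.compile(r"tep_session_is_registered\(\s*['\"]customer_id['\"]\s*\)")


def audit(source):
    """Return (uncast, has_guard); uncast is a list of (line_no, param)."""
    uncast = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for m in USE_RE.finditer(line):
            if m.group(1) is None:
                uncast.append((line_no, m.group(2)))
    return uncast, bool(GUARD_RE.search(source))


# Constructed sample: unpatched file with one cast already in place.
BEFORE = """<?php
require('includes/application_top.php');
require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');
$q = tep_db_query("select * from gallery where cid = " . $_GET['cID']);
$p = tep_db_query("select * from pics where pid = " . $_GET['pID'] . " and cid = " . (int)$_GET['cID']);
"""

# Constructed sample: the same file after both steps of the hotfix.
AFTER = """<?php
require('includes/application_top.php');
if (!tep_session_is_registered('customer_id')) {
  tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
}
require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');
$q = tep_db_query("select * from gallery where cid = " . (int)$_GET['cID']);
"""

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the BEFORE sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else BEFORE
    uncast, has_guard = audit(text)
    for line_no, param in uncast:
        print("line %d: $_GET['%s'] used without (int) cast" % (line_no, param))
    print("login guard present:", has_guard)
```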