Description
A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise...
Basic Information
ID
PACKETSTORM:214775
Published
Feb 2, 2026 at 00:00
Affected Product
Affected Versions
glFusion 1.3.0 - Blind SQL Injection
Advisory ID: RO-13-001
Severity: Critical
Vendor: glFusion
Product: glFusion CMS
Version: 1.3.0
Overview #
A critical Blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database.
Vulnerability Details #
Affected Versions: 1.3.0 and earlier
Location: /mediagallery/search.php
Affected Parameter: cat_id
Root Cause: The vulnerability exists due to insufficient input validation on the cat_id parameter. User-supplied input is directly concatenated into an SQL query without proper sanitization or parameterized queries, allowing attackers to inject malicious SQL statements.
Exploitation Requirements #
No authentication required
Media Gallery module must be enabled
Direct access to the search endpoint
Impact #
Remote attackers can exploit this vulnerability to:
Extract sensitive data from the database (usernames, passwords, emails)
Bypass authentication mechanisms
Modify or delete database content
Potentially gain administrative access to the CMS
Proof of Concept #
POST /mediagallery/search.php HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded
cat_id='+(SELECT 1 FROM (SELECT SLEEP(25))A)+'
Time-based Blind SQL Injection: If the server response is delayed by 25 seconds, the target is vulnerable.
Solution #
Upgrade to glFusion version 1.3.1 or later, which includes proper input sanitization for the affected parameter.
References #
Invicti Advisory NS-13-009
Exploit-DB 28185
Vendor Patch
Timeline:
[2013-09-05] - First contact
[2013-09-06] - Fix released
[2013-09-09] - Advisory released
Credits: Omar Kurt
Advisory ID: RO-13-001
Severity: Critical
Vendor: glFusion
Product: glFusion CMS
Version: 1.3.0
Overview #
A critical Blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database.
Vulnerability Details #
Affected Versions: 1.3.0 and earlier
Location: /mediagallery/search.php
Affected Parameter: cat_id
Root Cause: The vulnerability exists due to insufficient input validation on the cat_id parameter. User-supplied input is directly concatenated into an SQL query without proper sanitization or parameterized queries, allowing attackers to inject malicious SQL statements.
Exploitation Requirements #
No authentication required
Media Gallery module must be enabled
Direct access to the search endpoint
Impact #
Remote attackers can exploit this vulnerability to:
Extract sensitive data from the database (usernames, passwords, emails)
Bypass authentication mechanisms
Modify or delete database content
Potentially gain administrative access to the CMS
Proof of Concept #
POST /mediagallery/search.php HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded
cat_id='+(SELECT 1 FROM (SELECT SLEEP(25))A)+'
Time-based Blind SQL Injection: If the server response is delayed by 25 seconds, the target is vulnerable.
Solution #
Upgrade to glFusion version 1.3.1 or later, which includes proper input sanitization for the affected parameter.
References #
Invicti Advisory NS-13-009
Exploit-DB 28185
Vendor Patch
Timeline:
[2013-09-05] - First contact
[2013-09-06] - Fix released
[2013-09-09] - Advisory released
Credits: Omar Kurt