{"id":38563,"date":"2026-02-02T13:42:21","date_gmt":"2026-02-02T13:42:21","guid":{"rendered":"http:\/\/localhost\/?p=38563"},"modified":"2026-02-02T13:42:21","modified_gmt":"2026-02-02T13:42:21","slug":"glfusion-130-blind-sql-injection","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=38563","title":{"rendered":"\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection_PACKETSTORM:214775"},"content":{"rendered":"

{“lastseen”:”2026-02-02T18:37:19″,”description”:”A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise…”,”published”:”2026-02-02T00:00:00″,”modified”:”2026-02-02T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection”,”source”:””,”references”:””,”id”:”PACKETSTORM:214775″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”glFusion 1.3.0 – Blind SQL Injection\\n Advisory ID: RO-13-001\\n Severity: Critical\\n Vendor: glFusion\\n Product: glFusion CMS\\n Version: 1.3.0\\n \\n \\n Overview #\\n \\n A critical Blind SQL Injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL commands and potentially compromise the entire database.\\n \\n \\n Vulnerability Details #\\n \\n Affected Versions: 1.3.0 and earlier\\n \\n Location: \/mediagallery\/search.php\\n \\n Affected Parameter: cat_id\\n \\n Root Cause: The vulnerability exists due to insufficient input validation on the cat_id parameter. User-supplied input is directly concatenated into an SQL query without proper sanitization or parameterized queries, allowing attackers to inject malicious SQL statements.\\n \\n \\n Exploitation Requirements #\\n \\n No authentication required\\n Media Gallery module must be enabled\\n Direct access to the search endpoint\\n \\n Impact #\\n \\n Remote attackers can exploit this vulnerability to:\\n \\n Extract sensitive data from the database (usernames, passwords, emails)\\n Bypass authentication mechanisms\\n Modify or delete database content\\n Potentially gain administrative access to the CMS\\n \\n Proof of Concept #\\n \\n POST \/mediagallery\/search.php HTTP\/1.1\\n Host: target.com\\n Content-Type: application\/x-www-form-urlencoded\\n \\n cat_id=’+(SELECT 1 FROM (SELECT SLEEP(25))A)+’\\n \\n Time-based Blind SQL Injection: If the server response is delayed by 25 seconds, the target is vulnerable.\\n \\n \\n Solution #\\n \\n Upgrade to glFusion version 1.3.1 or later, which includes proper input sanitization for the affected parameter.\\n \\n \\n References #\\n \\n Invicti Advisory NS-13-009\\n Exploit-DB 28185\\n Vendor Patch\\n \\n Timeline:\\n \\n [2013-09-05] – First contact\\n [2013-09-06] – Fix released\\n [2013-09-09] – Advisory released\\n \\n Credits: Omar Kurt”,”sourceHref”:”https:\/\/packetstorm.news\/download\/214775″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/214775\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"

{“lastseen”:”2026-02-02T18:37:19″,”description”:”A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-38563","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection_PACKETSTORM:214775 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=38563\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection_PACKETSTORM:214775 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{“lastseen”:”2026-02-02T18:37:19″,”description”:”A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=38563\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2026-02-02T13:42:21+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38563#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38563\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection_PACKETSTORM:214775\",\"datePublished\":\"2026-02-02T13:42:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38563\"},\"wordCount\":431,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"news\",\"NONE\",\"packetstorm\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_exploit\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=38563#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38563\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38563\",\"name\":\"\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection_PACKETSTORM:214775 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2026-02-02T13:42:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38563#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=38563\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=38563#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection_PACKETSTORM:214775\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection_PACKETSTORM:214775 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=38563","og_locale":"en_US","og_type":"article","og_title":"\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection_PACKETSTORM:214775 - zero redgem","og_description":"{“lastseen”:”2026-02-02T18:37:19″,”description”:”A critical blind SQL injection vulnerability exists in glFusion CMS version 1.3.0, affecting the Media Gallery search functionality. The vulnerability allows unauthenticated remote attackers to...","og_url":"https:\/\/zero.redgem.net\/?p=38563","og_site_name":"zero redgem","article_published_time":"2026-02-02T13:42:21+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=38563#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=38563"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection_PACKETSTORM:214775","datePublished":"2026-02-02T13:42:21+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=38563"},"wordCount":431,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","news","NONE","packetstorm","Security","tapic","Vulnerability"],"articleSection":["category_exploit"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=38563#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=38563","url":"https:\/\/zero.redgem.net\/?p=38563","name":"\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection_PACKETSTORM:214775 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2026-02-02T13:42:21+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=38563#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=38563"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=38563#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"\ud83d\udcc4 glFusion 1.3.0 Blind SQL Injection_PACKETSTORM:214775"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/38563","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=38563"}],"version-history":[{"count":0,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/38563\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=38563"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=38563"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=38563"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}