Closed
Description
Hi, I found a SQL injection vulnerability in cat_move.php:
The 'move_categories' method is called when moving the album in '/admin.php?page=cat_move', but the method does not validate and filter the 'selection' and 'parent' parameters, thus causing the vulnerability.
Replace any of the following parameters in POST requests to reproduce the vulnerability:
selection%5B%5D=1)` and if(ascii(substr(database(),1,1))>300,1,sleep(5));%23
or
parent=1 and if(ascii(substr(database(),1,1))>300,1,sleep(5));%23
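
The missing validation described above, sketched as an added example that is not part of the original report and not Piwigo's own code: both fields are checked as plain decimal ids before use, and the query carries them as bound parameters. The function names, the `albums` table and the `parent_id` column are hypothetical, and the sample requests are constructed.

```php
<?php
// Added example, not Piwigo code. All names below are hypothetical.

/** Return $value as int if it is a plain decimal id, otherwise throw. */
function require_id($value): int
{
    // ctype_digit rejects signs, spaces, quotes, parentheses and SQL keywords.
    if (!is_string($value) || $value === '' || !ctype_digit($value) || strlen($value) > 9) {
        throw new InvalidArgumentException('invalid id');
    }
    return (int) $value;
}

/** Validate the POST fields the report names: 'selection' (array) and 'parent' (scalar). */
function validate_move_params(array $post): array
{
    if (!isset($post['selection']) || !is_array($post['selection']) || $post['selection'] === []) {
        throw new InvalidArgumentException('selection must be a non-empty array');
    }
    $selection = array_map('require_id', array_values($post['selection']));
    $parent = require_id($post['parent'] ?? null);
    return [$selection, $parent];
}

/** Build a parameterized UPDATE: ids travel as bound values, never as SQL text. */
function build_move_query(array $selection, int $parent): array
{
    $marks = implode(',', array_fill(0, count($selection), '?'));
    $sql = "UPDATE albums SET parent_id = ? WHERE id IN ($marks)";
    return [$sql, array_merge([$parent], $selection)];
}

// Constructed inputs: one well-formed request, then non-numeric values in each field.
$samples = [
    ['selection' => ['1', '7'], 'parent' => '3'],
    ['selection' => ['1) and 1=1'], 'parent' => '3'],
    ['selection' => ['1'], 'parent' => '1 and 1=1'],
];
foreach ($samples as $post) {
    try {
        [$selection, $parent] = validate_move_params($post);
        [$sql, $params] = build_move_query($selection, $parent);
        echo "accepted: $sql [" . implode(',', $params) . "]\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: " . $e->getMessage() . "\n";
    }
}
```

Only the first sample is accepted; the other two are rejected before any SQL is built.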

