Hi,
From the url which is taken as exploit:
http://server/path/index.php?option=com ... es&Itemid=[SQL Injection]
I cannot find any not protected Itemid section in Phoca Gallery:
Categories View:
::view.html.php
- line 155 - JRequest::getVar('Itemid', 0, '', 'int') - protected by integer
:: there is no controller for this view
:: model does not include any itemid request
PhocaGalleryRoute Class:
Both codes:
$currentItemId = JRequest::getVar('Itemid', 0, '', 'int');
if(!$items) {
return JRequest::getVar('Itemid', 0, '', 'int');
}
are protected by integer.
So for now I see no place where the exploit can be used.
I will do more tests (but I looked at the whole categories view, route helper file and all the libraries).
Jan