Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost.
Advisories for Composer/Helloxz/Imgurl package
2022
2021
Cross-site Scripting
imgURL allows XSS via an X-Forwarded-For HTTP header.