CVE-2005-4251 Information

Description

Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id (2) start and (3) rand parameters to show.php and the (4) album parameter to index.php.

Reference

http://pridels0.blogspot.com/2005/12/mcgallery-pro-vuln.html http://secunia.com/advisories/18039 http://www.osvdb.org/21719 http://www.osvdb.org/21720 http://www.securityfocus.com/bid/15845 http://www.vupen.com/english/advisories/2005/2886