Vulnerability Description
SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Subdreamer | Subdreamer Light | 1.0 |
References
- http://marc.info/?l=bugtraq&m=111116479910230&w=2
- http://www.securityfocus.com/archive/1/437983/100/200/threaded
- http://www.securityfocus.com/bid/12839ExploitPatch
- http://www.subdreamer.com/forum/showthread.php?t=2501
- http://marc.info/?l=bugtraq&m=111116479910230&w=2
- http://www.securityfocus.com/archive/1/437983/100/200/threaded
- http://www.securityfocus.com/bid/12839ExploitPatch
- http://www.subdreamer.com/forum/showthread.php?t=2501
FAQ
What is CVE-2005-0805?
CVE-2005-0805 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global...
How severe is CVE-2005-0805?
CVE-2005-0805 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0805?
Check the references section above for vendor advisories and patch information. Affected products include: Subdreamer Subdreamer Light.