Vulnerability Description
Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album parameter to index.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mcgallery | Mcgallery Pro | 1.0 |
References
- http://pridels0.blogspot.com/2005/12/mcgallery-pro-vuln.html
- http://secunia.com/advisories/18039
- http://www.osvdb.org/21719
- http://www.osvdb.org/21720
- http://www.securityfocus.com/bid/15845Exploit
- http://www.vupen.com/english/advisories/2005/2886
- http://pridels0.blogspot.com/2005/12/mcgallery-pro-vuln.html
- http://secunia.com/advisories/18039
- http://www.osvdb.org/21719
- http://www.osvdb.org/21720
- http://www.securityfocus.com/bid/15845Exploit
- http://www.vupen.com/english/advisories/2005/2886
FAQ
What is CVE-2005-4251?
CVE-2005-4251 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the...
How severe is CVE-2005-4251?
CVE-2005-4251 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4251?
Check the references section above for vendor advisories and patch information. Affected products include: Mcgallery Mcgallery Pro.