Unrated severityNVD Advisory· Published Dec 14, 2005· Updated Apr 16, 2026

CVE-2005-4251

Description

Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album parameter to index.php.

Affected products

Mcgallery/Mcgallery Pro3 versions
cpe:2.3:a:mcgallery:mcgallery_pro:1.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:mcgallery:mcgallery_pro:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mcgallery:mcgallery_pro:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mcgallery:mcgallery_pro:2.2:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/15845nvdExploit
pridels0.blogspot.com/2005/12/mcgallery-pro-vuln.htmlnvd
secunia.com/advisories/18039nvd
www.osvdb.org/21719nvd
www.osvdb.org/21720nvd
www.vupen.com/english/advisories/2005/2886nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000