Vulnerabilities > CVE-2005-3508 - SQL Injection vulnerability in Galerie 2.4

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

galerie

exploit available

NVD

Published: 2005-11-06

Updated: 2018-10-19

Summary

SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter.

Vulnerable Configurations

Part	Description	Count
Application	Galerie Galerie Galerie 2.4	1

Exploit-Db

description	Galerie 2.4 ShowGallery.PHP SQL Injection Vulnerability. CVE-2005-3508. Webapps exploit for php platform
id	EDB-ID:26468
last seen	2016-02-03
modified	2005-11-03
published	2005-11-03
reporter	[email protected]
source	https://www.exploit-db.com/download/26468/
title	Galerie 2.4 ShowGallery.PHP SQL Injection Vulnerability

References

http://secunia.com/advisories/17453
http://securitytracker.com/id?1015162
http://www.osvdb.org/20523
http://www.securityfocus.com/archive/1/415806/30/0/threaded
http://www.securityfocus.com/bid/15313
http://www.vupen.com/english/advisories/2005/2309