SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2005-03-20T05:00:00
Updated: 2024-08-07T21:28:28.902Z
Reserved: 2005-03-20T00:00:00
Link: CVE-2005-0805
Vulnrichment
No data.
NVD
Status : Modified
Published: 2005-05-02T04:00:00.000
Modified: 2024-11-20T23:55:56.470
Link: CVE-2005-0805
Redhat
No data.