CVE-2005-4228

Name of the Vulnerable Software and Affected Versions PhpWebGallery versions 1.7.2 and earlier PhpWebGallery versions 1.5.1 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including since, sort by, and items number in 'comments.php', the search parameter in 'category.php', and the image id parameter in 'picture.php'.

Recommendations For PhpWebGallery versions 1.7.2 and earlier, consider restricting access to the sort by parameter in 'comments.php' until a patch is available. For PhpWebGallery versions 1.5.1 and earlier, avoid using the since, sort by, and items number parameters in 'comments.php', the search parameter in 'category.php', and the image id parameter in 'picture.php' until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.