CVE-2008-2337

Name of the Vulnerable Software and Affected Versions: IMGallery version 2.5

Description: The issue allows remote attackers to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities. This is possible when magic quotes gpc is disabled. The vulnerabilities can be exploited via the kategoria parameter to "galeria.php", and the id phot parameter to "popup/koment.php" and "popup/opis.php".

Recommendations: For IMGallery version 2.5, consider disabling the kategoria and id phot parameters in the affected API endpoints until a patch is available. Restrict access to "galeria.php", "popup/koment.php", and "popup/opis.php" to minimize the risk of exploitation. Avoid using the kategoria and id phot parameters in the respective endpoints until the issue is resolved.