CVE-2009-1799

Name of the Vulnerable Software and Affected Versions: ST-Gallery version 0.1 alpha

Description: The issue concerns SQL injection vulnerabilities in the getGalleryImage function. These vulnerabilities can be exploited when magic quotes gpc is disabled, allowing remote attackers to execute arbitrary SQL commands. The vulnerabilities are specifically related to the gallery category and gallery show parameters in the example.php file.

Recommendations: For ST-Gallery version 0.1 alpha, consider disabling the getGalleryImage function until a patch is available, and restrict access to the example.php file to minimize the risk of exploitation. Avoid using the gallery category and gallery show parameters in the affected API endpoint until the issue is resolved.