CVE-2005-0805

Subdreamer Light - SQL Injection via imageid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0805. PoCs published by GHC team.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Subdreamer Light, where the 'p17_imageid' parameter in the URL can be manipulated to inject arbitrary SQL code. No actual exploit code is included, only a description and example URL.

Description

SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by GHC team · textwebappsphp
https://www.exploit-db.com/exploits/25235

The provided text describes an SQL injection vulnerability in Subdreamer Light, where the 'p17_imageid' parameter in the URL can be manipulated to inject arbitrary SQL code. No actual exploit code is included, only a description and example URL.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Subdreamer Light (all versions)
No auth needed
Prerequisites: Access to the vulnerable Subdreamer Light web application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111116479910230&w=2
Various Sources x_refsource_confirm
http://www.subdreamer.com/forum/showthread.php?t=2501
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/437983/100/200/threaded
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12839

Scores

EPSS 0.0123
EPSS Percentile 65.3%

Details

Status published
Products (1)
subdreamer/subdreamer_light 1.0
Published May 02, 2005
Tracked Since Feb 18, 2026