CVE-2005-4228

phpwebgallery < 1.7.2 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-4228. PoCs published by r0t3d3Vil.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in PhpWebGallery, where the 'image_id' parameter in 'picture.php' is not properly sanitized. It lacks actual exploit code but outlines the vulnerability and potential impact.

Description

Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier.

Exploits (3)

exploitdb · WRITEUP · VERIFIED
by r0t3d3Vil · text · webapps · php
https://www.exploit-db.com/exploits/26792

The provided text describes a SQL injection vulnerability in PhpWebGallery, where the 'image_id' parameter in 'picture.php' is not properly sanitized. It lacks actual exploit code but outlines the vulnerability and potential impact.

Classification: Writeup (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: PhpWebGallery (version not specified)
Authentication: No auth needed
Prerequisites: Access to the vulnerable PhpWebGallery instance
devstral-2 · analyzed Feb 16, 2026
exploitdb · WRITEUP · VERIFIED
by r0t3d3Vil · text · webapps · php
https://www.exploit-db.com/exploits/26790

The provided text describes SQL injection vulnerabilities in PhpWebGallery, detailing vulnerable parameters in the comments.php file. It includes example URLs demonstrating how an attacker could inject malicious SQL queries.

Classification: Writeup (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: PhpWebGallery (version not specified)
Authentication: No auth needed
Prerequisites: Access to the vulnerable PhpWebGallery instance
devstral-2 · analyzed Feb 16, 2026
exploitdb · WRITEUP · VERIFIED
by r0t3d3Vil · text · webapps · php
https://www.exploit-db.com/exploits/26791

This is a writeup describing SQL injection vulnerabilities in PhpWebGallery. It provides a URL example demonstrating how an attacker can inject SQL queries via the 'search' parameter.

Classification: Writeup (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: PhpWebGallery (version not specified)
Authentication: No auth needed
Prerequisites: Access to the vulnerable PhpWebGallery instance
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Exploit (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/15837
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/21690
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/18019
Third Party Advisory (vdb-entry, x_refsource_vupen): http://www.vupen.com/english/advisories/2005/2881
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/21691
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/21689

Scores

EPSS: 0.0256
EPSS Percentile: 83.0%

Details

CWE: CWE-89
Status: published
Products (20)
phpwebgallery/phpwebgallery 1.0
phpwebgallery/phpwebgallery 1.1
phpwebgallery/phpwebgallery 1.2.1
phpwebgallery/phpwebgallery 1.3.0
phpwebgallery/phpwebgallery 1.3.1
phpwebgallery/phpwebgallery 1.3.2
phpwebgallery/phpwebgallery 1.3.3
phpwebgallery/phpwebgallery 1.3.4
phpwebgallery/phpwebgallery 1.4.0
phpwebgallery/phpwebgallery 1.4.1
... and 10 more
Published: Dec 14, 2005
Tracked Since: Feb 18, 2026