CVE-2005-4244

Snipe Gallery < 3.1.4 - SQL Injection via Gallery ID or Image ID Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-4244. PoCs published by r0t.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in Snipe Gallery versions 3.1.4 and prior, where the 'gallery_id' parameter in 'view.php' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

Description

SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by r0t · textwebappsphp
https://www.exploit-db.com/exploits/26799

The provided text describes a SQL injection vulnerability in Snipe Gallery versions 3.1.4 and prior, where the 'gallery_id' parameter in 'view.php' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Snipe Gallery <= 3.1.4
No auth needed
Prerequisites: Access to the vulnerable 'view.php' endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by r0t · textwebappsphp
https://www.exploit-db.com/exploits/26800

The provided text describes a SQL injection vulnerability in Snipe Gallery versions 3.1.4 and prior, where the 'image_id' parameter in 'image.php' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Snipe Gallery <= 3.1.4
No auth needed
Prerequisites: Access to the vulnerable 'image.php' endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18022
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2882
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21694
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15844
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21693

Scores

EPSS 0.0255
EPSS Percentile 83.0%

Details

CWE
CWE-89
Status published
Products (1)
snipegallery/snipe_gallery < 3.1.4
Published Dec 14, 2005
Tracked Since Feb 18, 2026