CVE-2005-4251

mcGallery PRO 2.2 - SQL Injection via id, start, rand, or album Parameters


Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-4251. PoCs published by r0t.

AI-analyzed exploit summary: The provided text describes SQL injection vulnerabilities in mcGallery PRO due to improper input sanitization. It includes example URLs demonstrating the vulnerable parameters but lacks executable exploit code.

Description

Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album parameter to index.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/26809

The provided text describes SQL injection vulnerabilities in mcGallery PRO due to improper input sanitization. It includes example URLs demonstrating the vulnerable parameters but lacks executable exploit code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: mcGallery PRO
No auth needed
Prerequisites: Access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/26810

The provided text describes a vulnerability in mcGallery PRO related to input validation failures, leading to SQL injection and other attacks. It includes a generic example URL but lacks actual exploit code or technical details for execution.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: mcGallery PRO
No auth needed
Prerequisites: Access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory x_refsource_misc
http://pridels0.blogspot.com/2005/12/mcgallery-pro-vuln.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21719
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18039
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15845
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21720
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2886

Scores

EPSS 0.0129
EPSS Percentile 66.5%

Details

Status published
Products (3)
mcgallery/mcgallery_pro 1.0
mcgallery/mcgallery_pro 1.1
mcgallery/mcgallery_pro 2.2
Published Dec 14, 2005
Tracked Since Feb 18, 2026