3 matches found
CVE-2005-4250
CVE-2005-4250 affects mcGallery PRO 2.2 and earlier, with a directory traversal vulnerability that allows remote attackers to read arbitrary files through the language parameter. The NVD entry notes a Partial Confidentiality impact (NETWORK access, low complexity, no authentication), but exploita...
CVE-2005-4251
CVE-2005-4251 affects mcGallery PRO 2.2 and earlier, with multiple SQL injection flaws that allow remote execution of arbitrary SQL via parameters (id, start, rand in show.php; album in index.php). The vulnerability is documented in the NVD entry and related CVE references; base score 7.5 (High) ...
CVE-2006-4720
The CVE-2006-4720 issue affects mcGalleryPRO 2006, specifically the random2.php file. A PHP remote file inclusion vulnerability exists where an attacker can supply a URL in the path_to_folder parameter to execute arbitrary PHP code on the server. The vulnerability is tied to the random2.php path ...