CVE-2005-0805 in Subdreamer Lightinfo

Summary

by MITRE

SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 12/09/2025

The vulnerability described in CVE-2005-0805 represents a critical SQL injection flaw within the Subdreamer Light content management system that exploits a fundamental weakness in input validation and parameter handling. This vulnerability specifically targets the index.php file where certain parameters are improperly sanitized when magic_quotes_gpc is enabled, creating a dangerous condition where attacker-controlled data can be directly injected into SQL queries. The flaw manifests through the imageid parameter which flows through the system without adequate sanitization, allowing malicious actors to manipulate database queries through crafted input values that are then processed by imagegallery.php.

The technical exploitation of this vulnerability stems from the improper handling of global variables within the application's PHP code execution environment. When magic_quotes_gpc is enabled, the system should automatically escape certain characters in GET, POST, and COOKIE data, but the Subdreamer Light implementation fails to properly account for this protection mechanism. This creates a scenario where attackers can bypass the automatic escaping by crafting input that exploits the specific parameter handling in imagegallery.php, which does not perform additional sanitization before incorporating the imageid parameter into database queries. The vulnerability operates at the intersection of input validation failure and improper parameter handling, creating a path for arbitrary SQL command execution.

The operational impact of this vulnerability extends beyond simple data theft, as it allows remote attackers to execute arbitrary SQL commands against the underlying database system. Attackers can leverage this weakness to perform unauthorized database operations including data retrieval, modification, deletion, and potentially gain administrative privileges within the database. The vulnerability's remote exploitability means that malicious actors can target the system without requiring physical access or local network presence, making it particularly dangerous for publicly accessible web applications. This type of vulnerability directly violates security principles outlined in CWE-89, which categorizes SQL injection as a critical weakness in software design that allows attackers to manipulate database queries through untrusted input.

The attack vector for this vulnerability aligns with the ATT&CK framework's technique T1190 for exploit public-facing applications, where adversaries target web applications to execute malicious code. The exploitation process typically involves crafting specially formatted requests containing SQL payload within the imageid parameter, which then gets processed by the vulnerable imagegallery.php script. The vulnerability's classification as a remote code execution flaw makes it particularly attractive to threat actors as it provides a direct path to system compromise without requiring additional attack vectors or prerequisites. Organizations running Subdreamer Light systems are at significant risk of data breaches, system compromise, and potential lateral movement within their network infrastructure.

Mitigation strategies for this vulnerability should focus on implementing proper input validation and parameter sanitization mechanisms throughout the application code. The most effective immediate fix involves ensuring that all user-supplied parameters undergo rigorous sanitization before being incorporated into database queries, regardless of magic_quotes_gpc settings. Application developers should implement prepared statements or parameterized queries to prevent SQL injection regardless of the PHP configuration. Additionally, regular security audits should be conducted to identify similar input handling vulnerabilities, and the system should be updated to versions that address this specific weakness. Organizations should also consider implementing web application firewalls and input filtering mechanisms to detect and block malicious SQL injection attempts before they can be processed by the vulnerable application components.

Reservation

03/20/2005

Disclosure

05/02/2005

Moderation

accepted

Entry

VDB-24628

CPE

ready

Exploit

Download

EPSS

0.01229

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!