osCommerce Photo Gallery SQL Injection Vulnerability

Summary
This host is running Photo Gallery for osCommerce, which is prone to an SQL injection vulnerability in gallery_process.php.
Impact
Successful exploitation will allow the attacker to access the whole database.
Solution
Edit gallery_process.php and change all occurrences of $_GET['cID'] to (int)$_GET['cID'] and all occurrences of $_GET['pID'] to (int)$_GET['pID']. Then, at the top of gallery_process.php, search for:

    require('includes/application_top.php');
    require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');

and change to:

    require('includes/application_top.php');
    if (!tep_session_is_registered('customer_id')) {
      tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
    }
    require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');
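A post-patch check for the edit described above, as an added example that is not part of the original advisory or of the Photo Gallery code: it flags every read of $_GET['cID'] or $_GET['pID'] that is not immediately preceded by an (int) cast and reports whether the customer_id login check is present. The sample PHP, including its table name and query text, is constructed for illustration and is not the real gallery_process.php.

```python
import re

# Reads of the two parameters named in the advisory, in either quote style.
PARAM_RE = re.compile(r"""\$_GET\[\s*['"](cID|pID)['"]\s*\]""")
# The cast the advisory prescribes, sitting directly before the read.
CAST_RE = re.compile(r"\(\s*int\s*\)\s*$")
# The login gate the advisory adds after application_top.php.
GATE_RE = re.compile(r"tep_session_is_registered\(\s*['\"]customer_id['\"]\s*\)")


def audit(source):
    """Return (uncast, gated). uncast lists (line_no, param) for each read
    with no (int) cast in front of it; gated is True if the login check exists."""
    uncast = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for m in PARAM_RE.finditer(line):
            if not CAST_RE.search(line[:m.start()]):
                uncast.append((line_no, m.group(1)))
    return uncast, bool(GATE_RE.search(source))


# Constructed sample: half-patched file (hypothetical table and query text).
UNPATCHED = """<?php
require('includes/application_top.php');
require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');
$q = tep_db_query("select * from gallery where cID = " . $_GET['cID']);
$p = tep_db_query("select * from gallery where pID = " . (int)$_GET['pID']);
"""

# Constructed sample: both changes from the advisory applied.
PATCHED = """<?php
require('includes/application_top.php');
if (!tep_session_is_registered('customer_id')) {
  tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
}
require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');
$q = tep_db_query("select * from gallery where cID = " . (int)$_GET['cID']);
$p = tep_db_query("select * from gallery where pID = " . (int) $_GET["pID"]);
"""

if __name__ == "__main__":
    for name, src in (("unpatched", UNPATCHED), ("patched", PATCHED)):
        uncast, gated = audit(src)
        print(f"{name}: uncast reads={uncast} login gate present={gated}")
```

The check is purely textual, so a value copied into a variable before use (for example $id = $_GET['cID'];) is reported as uncast, which matches the advisory's instruction to cast every occurrence.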
Insight
Input passed to the parameters in gallery_process.php is not properly sanitised before being used in SQL queries.
Affected
Photo Gallery (http://oscommerce-photo-gallery.micrographx.be) <= version 0.6