FYI:
Photo Gallery for osCommerce is prone to SQL Injection vulnerabillity in
gallery_process.php.
Hotfix:
Edit gallery_process.php and change all occurrences of $_GET['cID'] to (int)$_GET['cID']
and all occurrences of $_GET['pID'] to (int)$_GET['pID']. Then, at the top of gallery_process php,
search for:
require('includes/application_top.php');
require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');
and change to:
require('includes/application_top.php');
if (!tep_session_is_registered('customer_id')) {
tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
}
require(DIR_WS_LANGUAGES . $language . '/gallery_user.php');
Micha