SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
tufat mycard 1.0.2