SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows remote malicious users to execute arbitrary SQL commands via the ID parameter.
mxmania gallery mx 2.0.0