SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php.
http://secunia.com/advisories/17767
http://pridels0.blogspot.com/2005/11/babe-logger-v2-sql-inj-vuln.html