Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters.
https://exchange.xforce.ibmcloud.com/vulnerabilities/27277
http://www.vupen.com/english/advisories/2006/2471
http://www.securityfocus.com/bid/18566
http://www.attrition.org/pipermail/vim/2006-June/000909.html
http://securitytracker.com/id?1016349