A SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through «id» parameter on the album page.