Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1659

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-1659
Last Modified 07 Mar 2011 09:33:30
Published 07 Apr 2006 06:04:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1659

Summary

Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.

Vulnerable Systems

Application

  • Softbiz Image Gallery


References

VUPEN - ADV-2006-1217

BID - 17339

BUGTRAQ - 20060331 SQL Injection in Softbiz Image Gallery

OSVDB - 24372

OSVDB - 24371

OSVDB - 24370

OSVDB - 24369

OSVDB - 24368

SECUNIA - 19523

XF - softbizimagegallery-multiple-sql-injection(25616)


Last Updated: 27 May 2016 10:42:09