Vulnerabilities > CVE-2006-1659 - Unspecified vulnerability in Softbiz Image Gallery
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN softbiz
exploit available
Summary
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description SoftBiz Image Gallery 0 mage_desc.php Multiple Parameter SQL Injection. CVE-2006-1659. Webapps exploit for php platform id EDB-ID:27542 last seen 2016-02-03 modified 2006-03-31 published 2006-03-31 reporter Linux_Drox source https://www.exploit-db.com/download/27542/ title SoftBiz Image Gallery - mage_desc.php Multiple Parameter SQL Injection description SoftBiz Image Gallery 0 template.php provided Parameter SQL Injection. CVE-2006-1659 . Webapps exploit for php platform id EDB-ID:27543 last seen 2016-02-03 modified 2006-03-31 published 2006-03-31 reporter Linux_Drox source https://www.exploit-db.com/download/27543/ title SoftBiz Image Gallery - template.php provided Parameter SQL Injection description SoftBiz Image Gallery 0 insert_rating.php img_id Parameter SQL Injection. CVE-2006-1659. Webapps exploit for php platform id EDB-ID:27545 last seen 2016-02-03 modified 2006-03-31 published 2006-03-31 reporter Linux_Drox source https://www.exploit-db.com/download/27545/ title SoftBiz Image Gallery - insert_rating.php img_id Parameter SQL Injection description SoftBiz Image Gallery 0 suggest_image.php cid Parameter SQL Injection. CVE-2006-1659. Webapps exploit for php platform id EDB-ID:27544 last seen 2016-02-03 modified 2006-03-31 published 2006-03-31 reporter Linux_Drox source https://www.exploit-db.com/download/27544/ title SoftBiz Image Gallery - suggest_image.php cid Parameter SQL Injection description SoftBiz Image Gallery 0 images.php cid Parameter SQL Injection. CVE-2006-1659. Webapps exploit for php platform id EDB-ID:27546 last seen 2016-02-03 modified 2006-03-31 published 2006-03-31 reporter Linux_Drox source https://www.exploit-db.com/download/27546/ title SoftBiz Image Gallery - images.php cid Parameter SQL Injection
References
- http://secunia.com/advisories/19523
- http://secunia.com/advisories/19523
- http://www.osvdb.org/24368
- http://www.osvdb.org/24368
- http://www.osvdb.org/24369
- http://www.osvdb.org/24369
- http://www.osvdb.org/24370
- http://www.osvdb.org/24370
- http://www.osvdb.org/24371
- http://www.osvdb.org/24371
- http://www.osvdb.org/24372
- http://www.osvdb.org/24372
- http://www.securityfocus.com/archive/1/429763/100/0/threaded
- http://www.securityfocus.com/archive/1/429763/100/0/threaded
- http://www.securityfocus.com/bid/17339
- http://www.securityfocus.com/bid/17339
- http://www.vupen.com/english/advisories/2006/1217
- http://www.vupen.com/english/advisories/2006/1217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25616
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25616