Vulnerabilities > CVE-2006-1659 - SQL Injection vulnerability in Softbiz Image Gallery
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php. This vulnerability most likely affects all versions of Softbiz, Image Gallery.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
description SoftBiz Image Gallery 0 mage_desc.php Multiple Parameter SQL Injection. CVE-2006-1659. Webapps exploit for php platform id EDB-ID:27542 last seen 2016-02-03 modified 2006-03-31 published 2006-03-31 reporter Linux_Drox source https://www.exploit-db.com/download/27542/ title SoftBiz Image Gallery - mage_desc.php Multiple Parameter SQL Injection description SoftBiz Image Gallery 0 template.php provided Parameter SQL Injection. CVE-2006-1659 . Webapps exploit for php platform id EDB-ID:27543 last seen 2016-02-03 modified 2006-03-31 published 2006-03-31 reporter Linux_Drox source https://www.exploit-db.com/download/27543/ title SoftBiz Image Gallery - template.php provided Parameter SQL Injection description SoftBiz Image Gallery 0 insert_rating.php img_id Parameter SQL Injection. CVE-2006-1659. Webapps exploit for php platform id EDB-ID:27545 last seen 2016-02-03 modified 2006-03-31 published 2006-03-31 reporter Linux_Drox source https://www.exploit-db.com/download/27545/ title SoftBiz Image Gallery - insert_rating.php img_id Parameter SQL Injection description SoftBiz Image Gallery 0 suggest_image.php cid Parameter SQL Injection. CVE-2006-1659. Webapps exploit for php platform id EDB-ID:27544 last seen 2016-02-03 modified 2006-03-31 published 2006-03-31 reporter Linux_Drox source https://www.exploit-db.com/download/27544/ title SoftBiz Image Gallery - suggest_image.php cid Parameter SQL Injection description SoftBiz Image Gallery 0 images.php cid Parameter SQL Injection. CVE-2006-1659. Webapps exploit for php platform id EDB-ID:27546 last seen 2016-02-03 modified 2006-03-31 published 2006-03-31 reporter Linux_Drox source https://www.exploit-db.com/download/27546/ title SoftBiz Image Gallery - images.php cid Parameter SQL Injection
References
- http://secunia.com/advisories/19523
- http://www.osvdb.org/24368
- http://www.osvdb.org/24369
- http://www.osvdb.org/24370
- http://www.osvdb.org/24371
- http://www.osvdb.org/24372
- http://www.securityfocus.com/archive/1/429763/100/0/threaded
- http://www.securityfocus.com/bid/17339
- http://www.vupen.com/english/advisories/2006/1217
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25616