CVE-2006-1659

Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/19523	Vendor Advisory
http://www.osvdb.org/24368	Broken Link
http://www.osvdb.org/24369	Broken Link
http://www.osvdb.org/24370	Broken Link
http://www.osvdb.org/24371	Broken Link
http://www.osvdb.org/24372	Broken Link
http://www.securityfocus.com/archive/1/429763/100/0/threaded	Broken Link
http://www.securityfocus.com/bid/17339	Exploit
http://www.vupen.com/english/advisories/2006/1217	Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/25616	Third Party Advisory
http://secunia.com/advisories/19523	Vendor Advisory
http://www.osvdb.org/24368	Broken Link
http://www.osvdb.org/24369	Broken Link
http://www.osvdb.org/24370	Broken Link
http://www.osvdb.org/24371	Broken Link
http://www.osvdb.org/24372	Broken Link
http://www.securityfocus.com/archive/1/429763/100/0/threaded	Broken Link
http://www.securityfocus.com/bid/17339	Exploit
http://www.vupen.com/english/advisories/2006/1217	Not Applicable
https://exchange.xforce.ibmcloud.com/vulnerabilities/25616	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:softbizscripts:image_gallery_script:-:*:*:*:*:*:*:*

History

24 Apr 2026, 18:56

Type	Values Removed	Values Added
First Time		Softbizscripts Softbizscripts image Gallery Script
References	~~() http://www.osvdb.org/24368 -~~	() http://www.osvdb.org/24368 - Broken Link
References	~~() http://www.osvdb.org/24369 -~~	() http://www.osvdb.org/24369 - Broken Link
References	~~() http://www.osvdb.org/24370 -~~	() http://www.osvdb.org/24370 - Broken Link
References	~~() http://www.osvdb.org/24371 -~~	() http://www.osvdb.org/24371 - Broken Link
References	~~() http://www.osvdb.org/24372 -~~	() http://www.osvdb.org/24372 - Broken Link
References	~~() http://www.securityfocus.com/archive/1/429763/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/429763/100/0/threaded - Broken Link
References	~~() http://www.vupen.com/english/advisories/2006/1217 -~~	() http://www.vupen.com/english/advisories/2006/1217 - Not Applicable
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/25616 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/25616 - Third Party Advisory
CPE	cpe:2.3:a:softbiz:image_gallery::::::::	cpe:2.3:a:softbizscripts:image_gallery_script:-:::::::*

21 Nov 2024, 00:09

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/19523 - Vendor Advisory~~	() http://secunia.com/advisories/19523 - Vendor Advisory
References	~~() http://www.osvdb.org/24368 -~~	() http://www.osvdb.org/24368 -
References	~~() http://www.osvdb.org/24369 -~~	() http://www.osvdb.org/24369 -
References	~~() http://www.osvdb.org/24370 -~~	() http://www.osvdb.org/24370 -
References	~~() http://www.osvdb.org/24371 -~~	() http://www.osvdb.org/24371 -
References	~~() http://www.osvdb.org/24372 -~~	() http://www.osvdb.org/24372 -
References	~~() http://www.securityfocus.com/archive/1/429763/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/429763/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/17339 - Exploit~~	() http://www.securityfocus.com/bid/17339 - Exploit
References	~~() http://www.vupen.com/english/advisories/2006/1217 -~~	() http://www.vupen.com/english/advisories/2006/1217 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/25616 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/25616 -

Information

Published : 2006-04-07 10:04

Updated : 2026-06-16 22:23

NVD link : CVE-2006-1659

Mitre link : CVE-2006-1659

CVE.ORG link : CVE-2006-1659

JSON object : View

Products Affected

softbizscripts

image_gallery_script

CWE

NVD-CWE-Other

6.4 /10