Softbiz Image Gallery suggest_image.php cid Variable SQL Injection
Posted on 04 April 2006
Softbiz Image Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the suggest_image.php script not properly sanitizing user-supplied input to the 'cid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
Manual Testing Notes
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
- SoftbizScripts.com Image Gallery Unknown or Unspecified Affected
- Remote vulnerability
- Input manipulation attack
- Impact on confidentiality
- Impact on integrity
- Exploit rumored
- Secunia Advisory ID: 19523
- Mail List Post: go there
- Vendor URL: go there
- Related OSVDB ID: 24368
- Related OSVDB ID: 24369
- Related OSVDB ID: 24371
- Related OSVDB ID: 24372
- CVE ID: 2006-1659
- Bugtraq ID: 17339
- FrSIRT Advisory: ADV-2006-1217
The HNS Vulnerabilities section is powered by OSVDB
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.