Ruben Ventura Piña

**Name of the Vulnerable Software and Affected Versions** Matteo Binda ASP Photo Gallery version 1.0 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `id` parameter to API endpoints such as "Imgbig.asp", "thumb.asp", and "thumbricerca.asp", as well as the `ricerca` parameter to the "thumbricerca.asp" endpoint. **Recommendations** For Matteo Binda ASP Photo Gallery version 1.0, consider restricting access to the `id` and `ricerca` parameters in the affected API endpoints until a patch is available. As a temporary workaround, avoid using the `id` parameter in "Imgbig.asp", "thumb.asp", and "thumbricerca.asp", and the `ricerca` parameter in "thumbricerca.asp" to minimize the risk of exploitation.