CVE-2006-2080

Name of the Vulnerable Software and Affected Versions Verosky Media Instant Photo Gallery version 1.0.2

Description The issue allows remote attackers to execute arbitrary SQL commands via the id parameter in the portfolio photo popup.php file, which is not properly cleansed before calling the count click function in includes/functions/fns std.php. This could potentially lead to resultant XSS.

Recommendations For Verosky Media Instant Photo Gallery version 1.0.2, consider disabling the count click function in includes/functions/fns std.php or restricting access to the portfolio photo popup.php file until a patch is available. Avoid using the id parameter in the affected file to minimize the risk of exploitation.