Unknown · Absolute Image Gallery Xe · CVE-2007-1469
**Name of the Vulnerable Software and Affected Versions**
Absolute Image Gallery version 2.0
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `categoryid` parameter in a 'viewimage' action within the gallery.asp file.
**Recommendations**
For Absolute Image Gallery version 2.0, consider restricting access to the `gallery.asp` file until a patch is available, and avoid using the `categoryid` parameter in the 'viewimage' action to minimize the risk of exploitation.