CVE-2006-1659

Name of the Vulnerable Software and Affected Versions: Softbiz Image Gallery (affected versions not specified)

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through several parameters in different files, including the id parameter in "image desc.php", the provided parameter in "template.php", the cid parameter in "suggest image.php" and "images.php", and the img id parameter in "insert rating.php".

Recommendations: For the id parameter in "image desc.php", avoid using it until a fix is available. For the provided parameter in "template.php", restrict its use to minimize risk. For the cid parameter in "suggest image.php" and "images.php", consider disabling these parameters temporarily. For the img id parameter in "insert rating.php", refrain from using it until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.