CVE-2006-6195

Name of the Vulnerable Software and Affected Versions Fixit iDMS Pro Image Gallery (affected versions not specified)

Description The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The exploitation can occur through specific parameters in certain files, including the show id or parentid parameter to "filelist.asp", or the fid parameter to "showfile.asp".

Recommendations For Fixit iDMS Pro Image Gallery, consider restricting access to the "filelist.asp" and "showfile.asp" files until a patch is available. As a temporary workaround, avoid using the show id, parentid, and fid parameters in the affected API endpoints until the issue is resolved. Restrict input to these parameters to minimize the risk of SQL injection attacks.