CVE-2006-1659

Softbiz Image Gallery - SQL Injection

Exploitation Summary

EIP tracks 5 public exploits for CVE-2006-1659. PoCs published by Linux_Drox.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in Softbiz Image Gallery, where the 'provided' parameter in template.php is not properly sanitized. It lacks actual exploit code but outlines the vulnerability and potential impact.

Description

Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.

Exploits (5)

exploitdb WRITEUP VERIFIED
by Linux_Drox · text · webapps · php
https://www.exploit-db.com/exploits/27543

The provided text describes a SQL injection vulnerability in Softbiz Image Gallery, where the 'provided' parameter in template.php is not properly sanitized. It lacks actual exploit code but outlines the vulnerability and potential impact.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Softbiz Image Gallery
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Linux_Drox · text · webapps · php
https://www.exploit-db.com/exploits/27544

The provided text describes a SQL injection vulnerability in Softbiz Image Gallery, where the 'cid' parameter in 'suggest_image.php' is not properly sanitized. This allows attackers to inject malicious SQL queries, potentially compromising the application or underlying database.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Softbiz Image Gallery
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Linux_Drox · text · webapps · php
https://www.exploit-db.com/exploits/27542

The provided text describes a SQL injection vulnerability in Softbiz Image Gallery, where the 'id' parameter in 'image_desc.php' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Softbiz Image Gallery
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Linux_Drox · text · webapps · php
https://www.exploit-db.com/exploits/27545

The provided text describes a SQL injection vulnerability in Softbiz Image Gallery, specifically in the 'insert_rating.php' script. It lacks executable exploit code but outlines the vulnerability and potential impact.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Softbiz Image Gallery
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Linux_Drox · text · webapps · php
https://www.exploit-db.com/exploits/27546

The provided text describes a SQL injection vulnerability in Softbiz Image Gallery, where the 'cid' parameter in 'images.php' is not properly sanitized. It lacks actual exploit code, serving only as a vulnerability description.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Softbiz Image Gallery (version not specified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24371
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24368
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25616
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17339
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/429763/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19523
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24370
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1217
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24372
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/24369

Scores

EPSS 0.0218
EPSS Percentile 80.0%

Details

Status published
Products (2)
softbiz/image_gallery
softbizscripts/image_gallery_script
Published Apr 07, 2006
Tracked Since Feb 18, 2026