CVE-2006-2214 Information

Description

Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. NOTE: this issue has also been reported to affect 1.7.2.

Reference

http://archives.neohapsis.com/archives/bugtraq/2006-05/0012.html http://secunia.com/advisories/19908 http://www.osvdb.org/25153 http://www.osvdb.org/25154 http://www.securityfocus.com/bid/17748 http://www.vupen.com/english/advisories/2006/1604 https://exchange.xforce.ibmcloud.com/vulnerabilities/26184