CVE-2006-6247 Information

Description

Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp.

Reference

http://securityreason.com/securityalert/1950 http://www.aria-security.com/forum/showthread.php?t=53 http://www.securityfocus.com/archive/1/452827/100/0/threaded http://www.securityfocus.com/archive/1/459187/100/0/threaded http://www.securityfocus.com/bid/21319 https://exchange.xforce.ibmcloud.com/vulnerabilities/30556