CVE-2006-6937

Summary

SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.