Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-4228
Last Modified: 07 Mar 2011 12:00:00
Published: 14 Dec 2005 06:03:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-4228

Summary

Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier.

Vulnerable Systems

Application

  • Phpwebgallery 1.0

  • Phpwebgallery 1.1

  • Phpwebgallery 1.2.1

  • Phpwebgallery 1.3.0

  • Phpwebgallery 1.3.1

  • Phpwebgallery 1.3.2

  • Phpwebgallery 1.3.3

  • Phpwebgallery 1.3.4

  • Phpwebgallery 1.4.0

  • Phpwebgallery 1.4.1

  • Phpwebgallery 1.5.0

  • Phpwebgallery 1.5.1

  • Phpwebgallery 1.5.2

  • Phpwebgallery 1.6

  • Phpwebgallery 1.6.0

  • Phpwebgallery 1.6.1

  • Phpwebgallery 1.6.2

  • Phpwebgallery 1.7.0

  • Phpwebgallery 1.7.1

  • Phpwebgallery 1.7.2


References

VUPEN - ADV-2005-2881

BID - 15837

OSVDB - 21691

OSVDB - 21690

OSVDB - 21689

SECUNIA - 18019

MISC - http://pridels0.blogspot.com/2005/12/phpwebgallery-multiple-sql-inj.html


Last Updated: 27 May 2016 10:41:12