Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2006-1667
Last Modified 07 Mar 2011 09:33:33
Published 07 Apr 2006 06:04:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1667

Summary

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, a condition that prevents $limitquery_s from being set within slides.php.

Vulnerable Systems

Application

  • Crafty Syntax Image Gallery 3.1g


References

VUPEN - ADV-2006-1239

BID - 17379

SECUNIA - 19478

MILW0RM - 1645

MISC - http://bash-x.net/undef/exploits/crappy_syntax.txt

MISC - http://bash-x.net/undef/adv/craftygallery.html

XF - crafty-slides-sql-injection(25654)

OSVDB - 24386


Last Updated: 27 May 2016 10:42:09