Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.4
CVE Id: CVE-2006-2748
Last Modified: 05 Sep 2008 05:05:20
Published: 01 Jun 2006 06:02:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-2748

Summary

SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php.

Vulnerable Systems

Application

  • Open Searchable Image Catalogue 0.7.0.0


References

BID - 18169

BUGTRAQ - 20060530 Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities

MISC - http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt

MISC - http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=576483

SECTRACK - 1016178

SECUNIA - 20341

XF - osic-adminfunctions-editcatalogue-sql-inj(26968)

SREASON - 1014


Last Updated: 27 May 2016 10:42:44