Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2912

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2912
Last Modified 07 Mar 2011 09:37:17
Published 09 Jun 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2912

Summary

Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php.

Vulnerable Systems

Application

  • Out Of The Trees Web Design Selectapix 1.31


References

MISC - http://secunia.com/secunia_research/2006-39/advisory/

SECUNIA - 20134

VUPEN - ADV-2006-2232

XF - selectapix-multiple-scripts-sql0injection(27013)

BID - 18349

BUGTRAQ - 20060609 Secunia Research: SelectaPix Cross-Site Scripting and SQLInjection Vulnerabilities

OSVDB - 26246

OSVDB - 26245

OSVDB - 26244

OSVDB - 26243

SECTRACK - 1016256


Last Updated: 27 May 2016 10:42:48