Lucene search

[email protected]CVE-2006-1667

HistoryApr 07, 2006 - 10:04 a.m.

CVE-2006-1667

2006-04-0710:04:00

[email protected]

web.nvd.nist.gov

cve-2006-1667

sql injection

slides.php

csig

php thumbnail photo gallery

eric gerdes crafty syntax image gallery

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.0%

JSON

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php.

Affected configurations

NVD

Node

crafty_syntax_image_gallerycrafty_syntax_image_galleryMatch3.1g

CPENameOperatorVersion
crafty_syntax_image_gallery:crafty_syntax_image_gallerycrafty syntax image galleryeq3.1g

CPE	Name	Operator	Version
crafty_syntax_image_gallery:crafty_syntax_image_gallery	crafty syntax image gallery	eq	3.1g

References

bash-x.net/undef/adv/craftygallery.html

bash-x.net/undef/exploits/crappy_syntax.txt

secunia.com/advisories/19478

www.osvdb.org/24386

www.securityfocus.com/bid/17379

www.vupen.com/english/advisories/2006/1239

exchange.xforce.ibmcloud.com/vulnerabilities/25654

www.exploit-db.com/exploits/1645

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.0%

JSON

Related for CVE-2006-1667

prion1 cvelist1 nvd1