Lucene search

[email protected]CVE-2006-2214

HistoryMay 05, 2006 - 12:46 p.m.

CVE-2006-2214

2006-05-0512:46:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

sql injection

4images

security vulnerability

remote attack

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. NOTE: this issue has also been reported to affect 1.7.2.

CPENameOperatorVersion
4images:image_gallery_management_system4images image gallery management systemle1.7.2
4images:image_gallery_management_system4images image gallery management systemeq1.7.1

CPE	Name	Operator	Version
4images:image_gallery_management_system	4images image gallery management system	le	1.7.2
4images:image_gallery_management_system	4images image gallery management system	eq	1.7.1

References

archives.neohapsis.com/archives/bugtraq/2006-05/0012.html

secunia.com/advisories/19908

www.osvdb.org/25153

www.osvdb.org/25154

www.securityfocus.com/bid/17748

www.vupen.com/english/advisories/2006/1604

exchange.xforce.ibmcloud.com/vulnerabilities/26184

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.2%

JSON

Related for CVE-2006-2214

prion1