Lucene search

MitreCVE-2006-2748

HistoryJun 01, 2006 - 10:02 a.m.

CVE-2006-2748

2006-06-0110:02:00

mitre

web.nvd.nist.gov

cve-2006-2748

sql injection

osic

remote attackers

nvd

security vulnerability

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.017

Percentile

87.8%

JSON

SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php.

Affected configurations

Nvd

Node

open_searchable_image_catalogueopen_searchable_image_catalogueRange≤0.7.0.0

VendorProductVersionCPE
open_searchable_image_catalogueopen_searchable_image_catalogue*cpe:2.3:a:open_searchable_image_catalogue:open_searchable_image_catalogue:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
open_searchable_image_catalogue	open_searchable_image_catalogue	*	cpe:2.3:a:open_searchable_image_catalogue:open_searchable_image_catalogue::::::::

References

secunia.com/advisories/20341

securityreason.com/securityalert/1014

securitytracker.com/id?1016178

sourceforge.net/forum/forum.php?forum_id=576483

svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631

www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt

www.securityfocus.com/archive/1/435380/100/0/threaded

www.securityfocus.com/bid/18169

exchange.xforce.ibmcloud.com/vulnerabilities/26968

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.017

Percentile

87.8%

JSON

Related for CVE-2006-2748