Lucene search

MitreCVE-2006-2749

HistoryJun 01, 2006 - 10:02 a.m.

CVE-2006-2749

2006-06-0110:02:00

mitre

web.nvd.nist.gov

cve-2006-2749

sql injection

osic

security vulnerability

search.php

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.9

Confidence

Low

EPSS

0.009

Percentile

82.6%

JSON

SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.

Affected configurations

Nvd

Node

open_searchable_image_catalogueopen_searchable_image_catalogueRange≤0.7.0.0

VendorProductVersionCPE
open_searchable_image_catalogueopen_searchable_image_catalogue*cpe:2.3:a:open_searchable_image_catalogue:open_searchable_image_catalogue:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
open_searchable_image_catalogue	open_searchable_image_catalogue	*	cpe:2.3:a:open_searchable_image_catalogue:open_searchable_image_catalogue::::::::

References

secunia.com/advisories/20341

securityreason.com/securityalert/1014

securitytracker.com/id?1016178

sourceforge.net/forum/forum.php?forum_id=576483

svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/search.php?view=markup&rev=477

www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt

www.securityfocus.com/archive/1/435380/100/0/threaded

www.securityfocus.com/bid/18169

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

7.9

Confidence

Low

EPSS

0.009

Percentile

82.6%

JSON

Related for CVE-2006-2749