Lucene search

[email protected]CVE-2006-2993

HistoryJun 13, 2006 - 1:02 a.m.

CVE-2006-2993

2006-06-1301:02:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

sql injection

my photo scrapbook

vulnerability

remote execution

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.1%

JSON

Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo_bv.asp.

CPENameOperatorVersion
my_photo_scrapbook:my_photo_scrapbookmy photo scrapbookle1.0

CPE	Name	Operator	Version
my_photo_scrapbook:my_photo_scrapbook	my photo scrapbook	le	1.0

References

pridels0.blogspot.com/2006/06/my-photo-scrapbook-vuln.html

secunia.com/advisories/20554

www.osvdb.org/26281

www.osvdb.org/26282

www.securityfocus.com/bid/18418

www.vupen.com/english/advisories/2006/2244

exchange.xforce.ibmcloud.com/vulnerabilities/27087

9.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

77.1%

JSON