ID CVE-2006-5140Type cveReporter NVDModified 2017-10-18T21:29:29
Description
SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.
{"id": "CVE-2006-5140", "bulletinFamily": "NVD", "title": "CVE-2006-5140", "description": "SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.", "published": "2006-10-03T00:03:00", "modified": "2017-10-18T21:29:29", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5140", "reporter": "NVD", "references": ["https://www.exploit-db.com/exploits/2456", "https://exchange.xforce.ibmcloud.com/vulnerabilities/29270", "http://www.securityfocus.com/bid/20270"], "cvelist": ["CVE-2006-5140"], "type": "cve", "lastseen": "2017-10-19T11:12:33", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:lappy512:php_krazy_image_host_script:0.7a"], "cvelist": ["CVE-2006-5140"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.", "edition": 2, "enchantments": {}, "hash": "9545f11180fc86cab597b301b2bfaae5152472ab26d95be8d8dbbe4696cdc1df", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "ab7a77d1487ecd07498a5f6d4a6db535", "key": "cvelist"}, {"hash": "4f79f8e0d3648d4baa05bbbfe326135f", "key": "modified"}, {"hash": "c419a7dbcecf72657188292fc81b66f1", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1ad6690d31f66c7b8f1f0039cc5565ca", "key": "href"}, {"hash": "0fc40d76fd1e3d87e659dcab08aea2a8", "key": "description"}, {"hash": "2d1d88e16acc7fc093cd74c5c41fa973", "key": "title"}, {"hash": "8d8304f5f58222e2a5526c75fc5ae4f8", "key": "cpe"}, {"hash": "7ca23b1a5aafdd0accab4d7f3644607f", "key": "references"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5140", "id": "CVE-2006-5140", "lastseen": "2017-07-20T10:49:34", "modified": "2017-07-19T21:33:33", "objectVersion": "1.3", "published": "2006-10-03T00:03:00", "references": ["http://milw0rm.com/exploits/2456", "https://exchange.xforce.ibmcloud.com/vulnerabilities/29270", "http://www.securityfocus.com/bid/20270"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-5140", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-07-20T10:49:34"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:lappy512:php_krazy_image_host_script:0.7a"], "cvelist": ["CVE-2006-5140"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.", "edition": 1, "enchantments": {}, "hash": "f8c596237d327f3f811ba1029336055ca9ed9633bc350e8391467dab2b306a56", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "85232f093be19e3b480a6575e97f5aae", "key": "references"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "ab7a77d1487ecd07498a5f6d4a6db535", "key": "cvelist"}, {"hash": "c419a7dbcecf72657188292fc81b66f1", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "1ad6690d31f66c7b8f1f0039cc5565ca", "key": "href"}, {"hash": "0fc40d76fd1e3d87e659dcab08aea2a8", "key": "description"}, {"hash": "2d1d88e16acc7fc093cd74c5c41fa973", "key": "title"}, {"hash": "8d8304f5f58222e2a5526c75fc5ae4f8", "key": "cpe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "093386b107ce27ccc807d23f45cad715", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5140", "id": "CVE-2006-5140", "lastseen": "2016-09-03T07:39:27", "modified": "2011-03-07T21:42:37", "objectVersion": "1.2", "published": "2006-10-03T00:03:00", "references": ["http://milw0rm.com/exploits/2456", "http://www.securityfocus.com/bid/20270", "http://xforce.iss.net/xforce/xfdb/29270"], "reporter": "NVD", "scanner": [], "title": "CVE-2006-5140", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T07:39:27"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "8d8304f5f58222e2a5526c75fc5ae4f8"}, {"key": "cvelist", "hash": "ab7a77d1487ecd07498a5f6d4a6db535"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "0fc40d76fd1e3d87e659dcab08aea2a8"}, {"key": "href", "hash": "1ad6690d31f66c7b8f1f0039cc5565ca"}, {"key": "modified", "hash": "eb21f77b793b13316c309b710d7960c0"}, {"key": "published", "hash": "c419a7dbcecf72657188292fc81b66f1"}, {"key": "references", "hash": "6c2f15366313855ae77cb4d2f8afb4f8"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "2d1d88e16acc7fc093cd74c5c41fa973"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ea91f8040674666a51100612aa8af9983d711d91c02b79dc3d275e7d617aadfd", "viewCount": 0, "enchantments": {"vulnersScore": 3.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:lappy512:php_krazy_image_host_script:0.7a"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"exploitdb": [{"id": "EDB-ID:2456", "type": "exploitdb", "title": "PHP Krazy Image Hosting 0.7a display.php SQL Injection Exploit", "description": "PHP Krazy Image Hosting 0.7a (display.php) SQL Injection Exploit. CVE-2006-5140. Webapps exploit for php platform", "published": "2006-09-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/2456/", "cvelist": ["CVE-2006-5140"], "lastseen": "2016-01-31T16:17:55"}], "osvdb": [{"id": "OSVDB:37968", "type": "osvdb", "title": "PHP Krazy Image Host Script display.php id Variable SQL Injection", "description": "# No description provided by the source\n\n## References:\nISS X-Force ID: 29270\nGeneric Exploit URL: http://milw0rm.com/exploits/2456\n[CVE-2006-5140](https://vulners.com/cve/CVE-2006-5140)\nBugtraq ID: 20270\n", "published": "2006-09-29T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:37968", "cvelist": ["CVE-2006-5140"], "lastseen": "2017-04-28T13:20:33"}]}}
