CVE-2006-2749

2006-06-0110:00:00

mitre

www.cve.org

AI Score

7.8

Confidence

Low

EPSS

0.009

Percentile

82.6%

JSON

SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.

References

secunia.com/advisories/20341

securityreason.com/securityalert/1014

securitytracker.com/id?1016178

sourceforge.net/forum/forum.php?forum_id=576483

svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/search.php?view=markup&rev=477

www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt

www.securityfocus.com/archive/1/435380/100/0/threaded

www.securityfocus.com/bid/18169