{"id": "OSVDB:25953", "bulletinFamily": "software", "title": "Particle Gallery viewimage.php imageid Variable SQL Injection", "description": "## Vulnerability Description\nParticle gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewimage.php script not properly sanitizing user-supplied input to the imageid variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## Solution Description\nUpgrade to version 1.0.1 or higher, as it has been reported to fix this vulnerability.\n## Short Description\nParticle gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewimage.php script not properly sanitizing user-supplied input to the imageid variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.\n## References:\nVendor URL: http://www.particlesoft.net/particlegallery/\nVendor Specific Solution URL: http://www.particlesoft.net/downloads.htm\n[Secunia Advisory ID:20427](https://secuniaresearch.flexerasoftware.com/advisories/20427/)\nOther Advisory URL: http://pridels.blogspot.com/2006/06/particle-gallery-sql-inj.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0006.html\nFrSIRT Advisory: ADV-2006-2121\n[CVE-2006-2862](https://vulners.com/cve/CVE-2006-2862)\nBugtraq ID: 18270\n", "published": "2006-06-05T05:05:36", "modified": "2006-06-05T05:05:36", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:25953", "reporter": "r0t(krustevs@googlemail.com)", "references": [], "cvelist": ["CVE-2006-2862"], "type": "osvdb", "lastseen": "2017-04-28T13:20:22", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d5142217e648f40439fba07ccf04d144"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "62524cbc28d8ad6af5b1fe3a492f5b18"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "a6228e845e471777e4959f331b44d09f"}, {"key": "href", "hash": "61ec759196a3bd68ebf7ba102eb6e495"}, {"key": "modified", "hash": "420119b942cbe1e9269785fb829147ca"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "420119b942cbe1e9269785fb829147ca"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "03dc8b773aeffb68c06b0976b3061a22"}, {"key": "title", "hash": "07453d18c59f35cfb07b4edfa77fc6be"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}], "hash": "7c18bd871a7003af7387ed226704473ee0dfa75327fecce8ad7bce2b8397253a", "viewCount": 0, "objectVersion": "1.2", "affectedSoftware": [{"name": "Particle Gallery", "operator": "eq", "version": "1.0.0"}], "enchantments": {"vulnersScore": 7.5}}

{"result": {"cve": [{"id": "CVE-2006-2862", "type": "cve", "title": "CVE-2006-2862", "description": "SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter.", "published": "2006-06-06T16:06:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2862", "cvelist": ["CVE-2006-2862"], "lastseen": "2016-09-03T07:03:46"}]}}