ID: OSVDB:25953
Type: osvdb
Reporter: r0t (krustevs@googlemail.com)
Modified: 2006-06-05T05:05:36
Description
Vulnerability Description
Particle Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewimage.php script not properly sanitizing user-supplied input to the imageid variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
Solution Description
Upgrade to version 1.0.1 or higher, as it has been reported to fix this vulnerability.
References:
Vendor URL: http://www.particlesoft.net/particlegallery/
Vendor Specific Solution URL: http://www.particlesoft.net/downloads.htm
Secunia Advisory ID: 20427
Other Advisory URL: http://pridels.blogspot.com/2006/06/particle-gallery-sql-inj.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0006.html
FrSIRT Advisory: ADV-2006-2121
CVE-2006-2862
Bugtraq ID: 18270
Title: Particle Gallery viewimage.php imageid Variable SQL Injection
Bulletin family: software
Published: 2006-06-05T05:05:36
CVSS: 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Affected software: Particle Gallery 1.0.0
Vulners record: https://vulners.com/osvdb/OSVDB:25953
CVE-2006-2862 (published 2006-06-06T16:06:00, CVSS 7.5, AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/): SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the imageid parameter.
NVD: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2862