Sql injection

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery CSIG aka PHP thumbnail Photo Gallery 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquerys parameter when the $projectid variable is less than 1, which prevents...

CVE-2006-1667

Summary: CVE-2006-1667 affects Eric Gerdes Crafty Syntax Image Gallery (CSIG) up to version 3.1g. The vulnerability is a SQL injection in slides.php caused when the variable $projectid is less than 1, which prevents the limitquery_s parameter from being set. This enables remote authenticated user...

CVE-2006-1667

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery CSIG aka PHP thumbnail Photo Gallery 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquerys parameter when the $projectid variable is less than 1, which prevents...

PT-2006-2661 · Eric Gerdes · Crafty Syntax Image Gallery

Name of the Vulnerable Software and Affected Versions: Eric Gerdes Crafty Syntax Image Gallery CSIG versions 3.1g and earlier Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved via the limitquery s parameter when the $projectid variable is...