2 matches found
CVE-2006-6117
CVE-2006-6117 is a SQL injection vulnerability in the index1.asp component of fipsGallery 1.5 and earlier. It allows remote attackers to inject arbitrary SQL commands via the irrelevant-parameter named “which”, potentially compromising data through the affected page. The CVSS2 base score is 7.5 (...
CVE-2006-3022
CVE-2006-3022 is an XSS vulnerability in zoom.php of fipsGallery 1.5 and earlier. The issue arises via the path parameter, enabling remote attackers to inject arbitrary web script or HTML. Affected product/version: fipsGallery 1.5 and earlier (component: zoom.php). Underlying impact: shows partia...