Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:2688
HistoryDec 26, 2007 - 12:00 a.m.

SelectaPix远程SQL注入漏洞

2007-12-2600:00:00
Root
www.seebug.org
11

0.006 Low

EPSS

Percentile

75.3%

JSON

BUGTRAQ ID: 18349
CVE(CAN) ID: CVE-2006-2912

SelectaPix是一款基于WEB的图片管理工具。

SelectaPix对用户提交给的参数缺少正确充分的过滤,远程攻击者可以利用此漏洞非授权操作数据库。

SelectaPix的多个脚本对用户提交参数数据缺少充分过滤,远程攻击者可以通过在输入数据中插入特定的SQL命令来非授权获取对数据库的访问。

Out of the Trees SelectaPix 1.31
Out of the Trees

目前厂商已经在最新版本的软件中修复了这个安全问题,请到厂商的主页下载:

<a href=“http://www.outofthetrees.co.uk/selectapix/index.php” target=“_blank”>http://www.outofthetrees.co.uk/selectapix/index.php</a>


                                                http://[host]/view_album.php?albumID=[code]
http://[host]/popup.php?albumID=2&amp;imageID=[code]
http://[host]/index.php?albumID=[code]

Related

prion 1
cve 1
packetstorm 1
prion
prion
Sql injection
2006-06-09 10:02:00
cve
cve
CVE-2006-2912
2006-06-09 10:02:00
packetstorm
packetstorm
secunia-SelectaPix.txt
2006-06-12 00:00:00

0.006 Low

EPSS

Percentile

75.3%

JSON
Related for SSV:2688
prion1cve1packetstorm1