CVE-2006-2748

Summary

CVE	CVE-2006-2748
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2006-06-01 10:02:00 UTC
Updated	2018-10-18 16:41:00 UTC
Description	SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php.

Risk And Classification

Problem Types: NVD-CWE-Other

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Open Searchable Image Catalogue	Open Searchable Image Catalogue	All	All	All	All

References

Reference	Source	Link	Tags
www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt	MISC	www.seclab.tuwien.ac.at	Vendor Advisory
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Open Searchable Image Catalogue Multiple Input Validation Vulnerabilities	BID	www.securityfocus.com
Page not found - SourceForge.net	CONFIRM	sourceforge.net
Secunia - Advisories - Open Searchable Image Catalogue SQL Injection Vulnerabilities	SECUNIA	secunia.com	Vendor Advisory
SecurityTracker.com Archives - Open Searchable Image Catalogue Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks	SECTRACK	securitytracker.com
404 Not Found	MISC	svn.sourceforge.net
Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities - CXSecurity.com	SREASON	securityreason.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.