CVE-2006-2749
Summary
| CVE | CVE-2006-2749 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2006-06-01 10:02:00 UTC |
| Updated | 2018-10-18 16:41:00 UTC |
| Description | SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Open Searchable Image Catalogue | Open Searchable Image Catalogue | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt | MISC | www.seclab.tuwien.ac.at | Vendor Advisory |
| Open Searchable Image Catalogue Multiple Input Validation Vulnerabilities | BID | www.securityfocus.com | |
| Secunia - Advisories - Open Searchable Image Catalogue SQL Injection Vulnerabilities | SECUNIA | secunia.com | Vendor Advisory |
| SecurityTracker.com Archives - Open Searchable Image Catalogue Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks | SECTRACK | securitytracker.com | |
| Page not found - SourceForge.net | MISC | sourceforge.net | |
| Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities - CXSecurity.com | SREASON | securityreason.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| 404 Not Found | MISC | svn.sourceforge.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.