{"api_version":"1","generated_at":"2026-06-29T14:27:43+00:00","cve":"CVE-2006-2749","urls":{"html":"https://cve.report/CVE-2006-2749","api":"https://cve.report/api/cve/CVE-2006-2749.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-2749","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-2749"},"summary":{"title":"CVE-2006-2749","description":"SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2006-06-01 10:02:00","updated_at":"2018-10-18 16:41:00"},"problem_types":["NVD-CWE-Other"],"metrics":[],"references":[{"url":"http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt","name":"http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt","refsource":"MISC","tags":["Vendor Advisory"],"title":"","mime":"text/plain","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/18169","name":"18169","refsource":"BID","tags":[],"title":"Open Searchable Image Catalogue Multiple Input Validation Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/20341","name":"20341","refsource":"SECUNIA","tags":["Vendor Advisory"],"title":"Secunia - Advisories - Open Searchable Image Catalogue SQL Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securitytracker.com/id?1016178","name":"1016178","refsource":"SECTRACK","tags":[],"title":"SecurityTracker.com Archives - Open Searchable Image Catalogue Input Validation Holes Permit Cross-Site Scripting and SQL Injection Attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://sourceforge.net/forum/forum.php?forum_id=576483","name":"http://sourceforge.net/forum/forum.php?forum_id=576483","refsource":"MISC","tags":[],"title":"Page not found\n    - SourceForge.net","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"http://securityreason.com/securityalert/1014","name":"1014","refsource":"SREASON","tags":[],"title":"Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities - CXSecurity.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/435380/100/0/threaded","name":"20060530 Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities","refsource":"BUGTRAQ","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/search.php?view=markup&rev=477","name":"http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/search.php?view=markup&rev=477","refsource":"MISC","tags":[],"title":"404 Not Found","mime":"text/html","httpstatus":"404","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-2749","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-2749","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"2749","vulnerable":"1","versionEndIncluding":"0.7.0.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"open_searchable_image_catalogue","cpe5":"open_searchable_image_catalogue","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-2749","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://sourceforge.net/forum/forum.php?forum_id=576483","refsource":"MISC","url":"http://sourceforge.net/forum/forum.php?forum_id=576483"},{"name":"20060530 Open Searchable Image Catalogue: XSS and SQL Injection Vulnerabilities","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/435380/100/0/threaded"},{"name":"20341","refsource":"SECUNIA","url":"http://secunia.com/advisories/20341"},{"name":"http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt","refsource":"MISC","url":"http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt"},{"name":"1016178","refsource":"SECTRACK","url":"http://securitytracker.com/id?1016178"},{"name":"http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/search.php?view=markup&rev=477","refsource":"MISC","url":"http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/search.php?view=markup&rev=477"},{"name":"1014","refsource":"SREASON","url":"http://securityreason.com/securityalert/1014"},{"name":"18169","refsource":"BID","url":"http://www.securityfocus.com/bid/18169"}]}},"nvd":{"publishedDate":"2006-06-01 10:02:00","lastModifiedDate":"2018-10-18 16:41:00","problem_types":["NVD-CWE-Other"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":6.4},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:open_searchable_image_catalogue:open_searchable_image_catalogue:*:*:*:*:*:*:*:*","versionEndIncluding":"0.7.0.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"2749","Ordinal":"18069","Title":"CVE-2006-2749","CVE":"CVE-2006-2749","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"2749","Ordinal":"1","NoteData":"SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.","Type":"Description","Title":null},{"CveYear":"2006","CveId":"2749","Ordinal":"2","NoteData":"2006-06-01","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"2749","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}