Vulnerability Details CVE-2006-2749
SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.6%
CVSS Severity
CVSS v2 Score 6.4
References
- http://secunia.com/advisories/20341
- http://securityreason.com/securityalert/1014
- http://securitytracker.com/id?1016178
- http://sourceforge.net/forum/forum.php?forum_id=576483
- http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/search.php?view=markup&rev=477
- http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt
- http://www.securityfocus.com/archive/1/435380/100/0/threaded
- http://www.securityfocus.com/bid/18169
- http://secunia.com/advisories/20341
- http://securityreason.com/securityalert/1014
- http://securitytracker.com/id?1016178
- http://sourceforge.net/forum/forum.php?forum_id=576483
- http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/search.php?view=markup&rev=477
- http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt
- http://www.securityfocus.com/archive/1/435380/100/0/threaded
- http://www.securityfocus.com/bid/18169
Products affected by CVE-2006-2749
-
cpe:2.3:a:open_searchable_image_catalogue:open_searchable_image_catalogue:*