CVE-2006-1667

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://bash-x.net/undef/adv/craftygallery.html	URL Repurposed
http://bash-x.net/undef/exploits/crappy_syntax.txt	Exploit URL Repurposed
http://secunia.com/advisories/19478	Vendor Advisory
http://www.osvdb.org/24386
http://www.securityfocus.com/bid/17379	Exploit
http://www.vupen.com/english/advisories/2006/1239
https://exchange.xforce.ibmcloud.com/vulnerabilities/25654
https://www.exploit-db.com/exploits/1645

Configurations

Configuration 1 (hide)

cpe:2.3:a:crafty_syntax_image_gallery:crafty_syntax_image_gallery:3.1g:*:*:*:*:*:*:*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(MISC) http://bash-x.net/undef/adv/craftygallery.html -~~	(MISC) http://bash-x.net/undef/adv/craftygallery.html - URL Repurposed
References	~~(MISC) http://bash-x.net/undef/exploits/crappy_syntax.txt - Exploit~~	(MISC) http://bash-x.net/undef/exploits/crappy_syntax.txt - Exploit, URL Repurposed

Information

Published : 2006-04-07 10:04

Updated : 2024-02-28 10:42

NVD link : CVE-2006-1667

Mitre link : CVE-2006-1667

CVE.ORG link : CVE-2006-1667

JSON object : View

Products Affected

crafty_syntax_image_gallery

crafty_syntax_image_gallery

CWE

NVD-CWE-Other

{"id": "CVE-2006-1667", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-04-07T10:04:00.000", "references": [{"url": "http://bash-x.net/undef/adv/craftygallery.html", "tags": ["URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://bash-x.net/undef/exploits/crappy_syntax.txt", "tags": ["Exploit", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19478", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24386", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17379", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1239", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25654", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/1645", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:crafty_syntax_image_gallery:crafty_syntax_image_gallery:3.1g:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1D969C9-907A-4203-8A43-DF44E2A62F62"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}