ID CVE-2006-3163
Summary Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters.
References
Vulnerable Configurations
  • cpe:2.3:a:imgallery:imgallery:*:*:*:*:*:*:*:*
    cpe:2.3:a:imgallery:imgallery:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 18566
misc http://pridels0.blogspot.com/2006/06/imgallery-vuln.html
osvdb 26695
sectrack 1016349
secunia 20763
vim 20060630 IMGallery - "galeria.php" not "galerie.php"
vupen ADV-2006-2471
xf imgallery-galeria-sql-injection(27277)
Last major update 20-07-2017 - 01:32
Published 22-06-2006 - 22:06
Last modified 20-07-2017 - 01:32
Back to Top