CVE-2006-6932 - Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers

CVE-2006-6932

Summary

Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp.

References

http://securityreason.com/securityalert/2147
http://www.securityfocus.com/archive/1/451875/100/0/threaded
http://www.securityfocus.com/bid/21131

Vulnerable Configurations

cpe:2.3:a:image_gallery_with_access_database:image_gallery_with_access_database:*:*:*:*:*:*:*:*
cpe:2.3:a:image_gallery_with_access_database:image_gallery_with_access_database:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 16-10-2018 - 16:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	21131
bugtraq	20061116 Image gallery with Access Database SQL Injection
sreason	2147

Last major update

16-10-2018 - 16:29

Published

16-01-2007 - 23:28

Last modified

16-10-2018 - 16:29