CVE-2006-2748 Information
Description
SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by (1) the type parameter in adminfunctions.php and (2) the catalogue_id parameter in editcatalogue.php.
Reference
http://secunia.com/advisories/20341
http://securityreason.com/securityalert/1014
http://securitytracker.com/id?1016178
http://sourceforge.net/forum/forum.php?forum_id=576483
http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/core.php?r1=477&r2=631
http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt
http://www.securityfocus.com/archive/1/435380/100/0/threaded
http://www.securityfocus.com/bid/18169
https://exchange.xforce.ibmcloud.com/vulnerabilities/26968