CVE-2006-2749 Information

Description

SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.

Reference

http://secunia.com/advisories/20341 http://securityreason.com/securityalert/1014 http://securitytracker.com/id?1016178 http://sourceforge.net/forum/forum.php?forum_id=576483 http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/search.php?view=markup&rev=477 http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt http://www.securityfocus.com/archive/1/435380/100/0/threaded http://www.securityfocus.com/bid/18169