7.5

CVE-2006-1667

Exploit

EPSS 2.07%
Veröffentlicht 07.04.2006 10:04:00
Zuletzt bearbeitet 16.06.2026 22:23:24
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 11

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Crafty Syntax Image Gallery ≫ Crafty Syntax Image Gallery Version3.1g

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.07%	0.789

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

Es wurden noch keine Informationen zu CWE veröffentlicht.

http://bash-x.net/undef/adv/craftygallery.html

URL Repurposed

http://bash-x.net/undef/exploits/crappy_syntax.txt

Exploit

URL Repurposed

http://secunia.com/advisories/19478

Vendor Advisory

http://www.osvdb.org/24386

http://www.securityfocus.com/bid/17379

Exploit

http://www.vupen.com/english/advisories/2006/1239

https://exchange.xforce.ibmcloud.com/vulnerabilities/25654

https://www.exploit-db.com/exploits/1645

https://nvd.nist.gov/vuln/detail/CVE-2006-1667

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2006-1667

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2006-1667

EUVD