Vulnerabilities > CVE-2006-0402 - SQL Injection vulnerability in Zoph 0.3.3/0.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-989.NASL |
description | Neil McBride discovered that Zoph, a web-based photo management system performs insufficient sanitising for input passed to photo searches, which may lead to the execution of SQL commands through a SQL injection attack. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22855 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22855 |
title | Debian DSA-989-1 : zoph - SQL injection |
code |
|
References
- http://secunia.com/advisories/18563
- http://secunia.com/advisories/19153
- http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=387320
- http://www.debian.org/security/2006/dsa-989
- http://www.osvdb.org/22743
- http://www.securityfocus.com/bid/16347
- http://www.vupen.com/english/advisories/2006/0297
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24264