CVE-2006-2040 - SQL Injection vulnerability in Photokorn 1.53/1.542
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: PARTIAL
- Integrity impact: PARTIAL
- Availability impact: NONE

Summary
Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 allow remote attackers to execute arbitrary SQL commands via the (1) cat, (2) pic, and (3) page parameters in index.php; the (4) id parameter in postcard.php; and the (5) cat parameter in print.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
- title: photokorn 1.53/1.54 postcard.php id Parameter SQL Injection
  - description: photokorn 1.53/1.54 postcard.php id Parameter SQL Injection. CVE-2006-2040. Webapps exploit for php platform
  - id: EDB-ID:27732
  - last seen: 2016-02-03
  - modified: 2006-04-25
  - published: 2006-04-25
  - reporter: Dr.Jr7
  - source: https://www.exploit-db.com/download/27732/
- title: photokorn 1.53/1.54 print.php cat Parameter SQL Injection
  - description: photokorn 1.53/1.54 print.php cat Parameter SQL Injection. CVE-2006-2040. Webapps exploit for php platform
  - id: EDB-ID:27733
  - last seen: 2016-02-03
  - modified: 2006-04-25
  - published: 2006-04-25
  - reporter: Dr.Jr7
  - source: https://www.exploit-db.com/download/27733/
- title: photokorn 1.53/1.54 index.php Multiple Parameter SQL Injection
  - description: photokorn 1.53/1.54 index.php Multiple Parameter SQL Injection. CVE-2006-2040. Webapps exploit for php platform
  - id: EDB-ID:27731
  - last seen: 2016-02-03
  - modified: 2006-04-25
  - published: 2006-04-25
  - reporter: Dr.Jr7
  - source: https://www.exploit-db.com/download/27731/
References
- http://secunia.com/advisories/19836
- http://securityreason.com/securityalert/789
- http://www.osvdb.org/24981
- http://www.osvdb.org/24982
- http://www.osvdb.org/24983
- http://www.securityfocus.com/archive/1/431982/100/0/threaded
- http://www.securityfocus.com/bid/17683
- http://www.vupen.com/english/advisories/2006/1525
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26066