CVE-2006-2397 - Unspecified vulnerability in Gphotos 1.4/1.5
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
gphotos
exploit available
Summary
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
- description: Gphotos 1.4/1.5 diapo.php rep Parameter XSS. CVE-2006-2397. Webapps exploit for php platform
  id: EDB-ID:27865
  last seen: 2016-02-03
  modified: 2006-05-13
  published: 2006-05-13
  reporter: Morocco Security Team
  source: https://www.exploit-db.com/download/27865/
  title: Gphotos 1.4/1.5 diapo.php rep Parameter XSS
- description: Gphotos 1.4/1.5 index.php rep Parameter XSS. CVE-2006-2397. Webapps exploit for php platform
  id: EDB-ID:27864
  last seen: 2016-02-03
  modified: 2006-05-13
  published: 2006-05-13
  reporter: Morocco Security Team
  source: https://www.exploit-db.com/download/27864/
  title: Gphotos 1.4/1.5 index.php rep Parameter XSS
- description: Gphotos 1.4/1.5 affich.php image Parameter XSS. CVE-2006-2397. Webapps exploit for php platform
  id: EDB-ID:27866
  last seen: 2016-02-03
  modified: 2006-05-13
  published: 2006-05-13
  reporter: Morocco Security Team
  source: https://www.exploit-db.com/download/27866/
  title: Gphotos 1.4/1.5 affich.php image Parameter XSS
References
- http://secunia.com/advisories/20095
- http://securityreason.com/securityalert/906
- http://www.osvdb.org/25497
- http://www.osvdb.org/25498
- http://www.osvdb.org/25499
- http://www.securityfocus.com/archive/1/433936/100/0/threaded
- http://www.securityfocus.com/bid/17967
- http://www.vupen.com/english/advisories/2006/1806
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26426