CVE-2006-2397 - Input Validation vulnerability in Gphotos 1.4/1.5
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE
Summary
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
Exploit-Db
- title: Gphotos 1.4/1.5 diapo.php rep Parameter XSS
  - description: Gphotos 1.4/1.5 diapo.php rep Parameter XSS. CVE-2006-2397. Webapps exploit for php platform
  - id: EDB-ID:27865
  - last seen: 2016-02-03
  - modified: 2006-05-13
  - published: 2006-05-13
  - reporter: Morocco Security Team
  - source: https://www.exploit-db.com/download/27865/
- title: Gphotos 1.4/1.5 index.php rep Parameter XSS
  - description: Gphotos 1.4/1.5 index.php rep Parameter XSS. CVE-2006-2397. Webapps exploit for php platform
  - id: EDB-ID:27864
  - last seen: 2016-02-03
  - modified: 2006-05-13
  - published: 2006-05-13
  - reporter: Morocco Security Team
  - source: https://www.exploit-db.com/download/27864/
- title: Gphotos 1.4/1.5 affich.php image Parameter XSS
  - description: Gphotos 1.4/1.5 affich.php image Parameter XSS. CVE-2006-2397. Webapps exploit for php platform
  - id: EDB-ID:27866
  - last seen: 2016-02-03
  - modified: 2006-05-13
  - published: 2006-05-13
  - reporter: Morocco Security Team
  - source: https://www.exploit-db.com/download/27866/
References
- http://secunia.com/advisories/20095
- http://securityreason.com/securityalert/906
- http://www.osvdb.org/25497
- http://www.osvdb.org/25498
- http://www.osvdb.org/25499
- http://www.securityfocus.com/archive/1/433936/100/0/threaded
- http://www.securityfocus.com/bid/17967
- http://www.vupen.com/english/advisories/2006/1806
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26426