Vulnerabilities > CVE-2006-2532 - SQL-Injection vulnerability in Greg Donald Destiney Rated Images Script 0.5.0

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

greg-donald

NVD

Published: 2006-05-22

Updated: 2018-10-18

Summary

stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set.

Vulnerable Configurations

Part	Description	Count
Application	Greg_Donald Greg Donald Destiney Rated Images Script 0.5.0	1

References

http://securityreason.com/securityalert/940
http://www.securityfocus.com/archive/1/434691/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/26603