CVE-2006-2748 - Input Validation vulnerability in Open Searchable Image Catalogue

CVSS 6.4 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php. Upgrade to version 0.7.0.1.

Vulnerable Configurations

Part: Application
Description: Open_Searchable_Image_Catalogue
Count: 1