Vulnerabilities > CVE-2006-6246 - Input Validation vulnerability in Photo Organizer

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

photo-organizer

NVD

Published: 2006-12-04

Updated: 2017-07-29

Summary

Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations.

Vulnerable Configurations

Part	Description	Count
Application	Photo_Organizer Photo Organizer Photo Organizer *	1

References

http://bugs.shaftnet.org/task/113
http://po.shaftnet.org/po_stable_changelog
http://secunia.com/advisories/23176
http://www.securityfocus.com/bid/21351
http://www.vupen.com/english/advisories/2006/4766
https://exchange.xforce.ibmcloud.com/vulnerabilities/30577