CVE-2006-6517 - Input Validation vulnerability in KDPics
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary
Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3. Successful exploitation of galeries.inc.php3 requires that "register_globals" is enabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
description: KDPics 1.11/1.16 index.php3 categories Parameter XSS. CVE-2006-6517. Webapps exploit for php platform
id: EDB-ID:29254
last seen: 2016-02-03
modified: 2006-12-09
published: 2006-12-09
reporter: Mr_KaLiMaN
source: https://www.exploit-db.com/download/29254/
title: KDPics 1.11/1.16 index.php3 categories Parameter XSS

description: KDPics 1.11/1.16 galeries.inc.php3 categories Parameter XSS. CVE-2006-6517. Webapps exploit for php platform
id: EDB-ID:29255
last seen: 2016-02-03
modified: 2006-12-09
published: 2006-12-09
reporter: Mr_KaLiMaN
source: https://www.exploit-db.com/download/29255/
title: KDPics 1.11/1.16 galeries.inc.php3 categories Parameter XSS

description: KDPics <= 1.11 (exif.php lib_path) Remote File Include Vulnerability. CVE-2006-6516,CVE-2006-6517. Webapps exploit for php platform
file: exploits/php/webapps/3263.txt
id: EDB-ID:3263
last seen: 2016-01-31
modified: 2007-02-03
platform: php
port:
published: 2007-02-03
reporter: AsTrex
source: https://www.exploit-db.com/download/3263/
title: KDPics <= 1.11 exif.php lib_path Remote File Include Vulnerability
type: webapps