Vulnerabilities > CVE-2006-6932 - SQL Injection vulnerability in Image Gallery with Access Database

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
image-gallery-with-access-database
exploit available
NVD
Published: 2007-01-16
Updated: 2018-10-16

Summary

Multiple SQL injection vulnerabilities in Image Gallery with Access Database allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to (a) dispimage.asp, or the (2) order or (3) page parameter to (b) default.asp.

Vulnerable Configurations

Part Description Count
Application
Image_Gallery_With_Access_Database
1

Exploit-Db

  • descriptionImage gallery with Access Database dispimage.asp id Parameter SQL Injection. CVE-2006-6932. Webapps exploit for asp platform
    idEDB-ID:29053
    last seen2016-02-03
    modified2006-11-16
    published2006-11-16
    reporterAria-Security Team
    sourcehttps://www.exploit-db.com/download/29053/
    titleImage gallery with Access Database dispimage.asp id Parameter SQL Injection
  • descriptionImage gallery with Access Database default.asp Multiple Parameter SQL Injection. CVE-2006-6932. Webapps exploit for asp platform
    idEDB-ID:29054
    last seen2016-02-03
    modified2006-11-16
    published2006-11-16
    reporterAria-Security Team
    sourcehttps://www.exploit-db.com/download/29054/
    titleImage gallery with Access Database default.asp Multiple Parameter SQL Injection

References