Back to CVE Browser

CVE-2006-1667

HIGH

7.5

CVSS Severity Score

EPSS Score0.0670%

EPSS Percentile28.93th

PublishedApr 7, 2006

Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php.

Affected Platforms (CPE)

📦

Crafty Syntax Image Gallery

Crafty Syntax Image Gallery

= 3.1g

References & Advisories

🔗 http://bash-x.net/undef/adv/craftygallery.html

🔗 http://bash-x.net/undef/exploits/crappy_syntax.txt

🔗 http://secunia.com/advisories/19478

🔗 http://www.osvdb.org/24386

🔗 http://www.securityfocus.com/bid/17379

🔗 http://www.vupen.com/english/advisories/2006/1239

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/25654

🔗 https://www.exploit-db.com/exploits/1645

Related Vulnerabilities

CVE-2006-16689.0

newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote au...

CVE-2006-502510.0

Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack ve...

CVE-2006-446110.0

Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the pr...

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...