CyberSec.Space Logo
返回 CVE 浏览器

CVE-2006-1667

HIGH
7.5
CVSS Severity Score
EPSS Score0.0670%
EPSS Percentile28.93th
Published2006年4月7日
Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to execute arbitrary SQL commands via the limitquery_s parameter when the $projectid variable is less than 1, which prevents the $limitquery_s from being set within slides.php.

Affected Platforms (CPE)

📦
Crafty Syntax Image Gallery

Crafty Syntax Image Gallery

= 3.1g

References & Advisories

🔗 http://bash-x.net/undef/adv/craftygallery.html
🔗 http://bash-x.net/undef/exploits/crappy_syntax.txt
🔗 http://secunia.com/advisories/19478
🔗 http://www.osvdb.org/24386
🔗 http://www.securityfocus.com/bid/17379
🔗 http://www.vupen.com/english/advisories/2006/1239
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/25654
🔗 https://www.exploit-db.com/exploits/1645

相关漏洞威胁

CVE-2006-16689.0

newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote au...

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...

CVE-2006-610210.0

Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X ser...

CVE-2006-021810.0

Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to...