CVE-2006-5236

SQL injection vulnerability in search.php in 4images 1.7.x allows remote authenticated users to execute arbitrary SQL commands via the search_user parameter.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-10 09:07:00.000-04
Last Modified2018-10-17 05:41:49.000-04

Vulnerable Software List

VendorProductVersions
4homepages 4images 1.7.1, 1.7.3

References

SourceLink
SREASON1711
SECTRACK1017074
MISChttp://w4ck1ng.com/board/showthread.php?t=1037
BUGTRAQ20061008 SQL injection - 4images
BID20394
VUPENADV-2006-3974
XF4images-search-sql-injection(29389)
EXPLOIT-DB2487