Vulnerability Description
Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo_bv.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| My Photo Scrapbook | My Photo Scrapbook | <= 1.0 |
References
- http://pridels0.blogspot.com/2006/06/my-photo-scrapbook-vuln.html
- http://secunia.com/advisories/20554Vendor Advisory
- http://www.osvdb.org/26281
- http://www.osvdb.org/26282
- http://www.securityfocus.com/bid/18418
- http://www.vupen.com/english/advisories/2006/2244
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27087
- http://pridels0.blogspot.com/2006/06/my-photo-scrapbook-vuln.html
- http://secunia.com/advisories/20554Vendor Advisory
- http://www.osvdb.org/26281
- http://www.osvdb.org/26282
- http://www.securityfocus.com/bid/18418
- http://www.vupen.com/english/advisories/2006/2244
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27087
FAQ
What is CVE-2006-2993?
CVE-2006-2993 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo...
How severe is CVE-2006-2993?
CVE-2006-2993 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2993?
Check the references section above for vendor advisories and patch information. Affected products include: My Photo Scrapbook My Photo Scrapbook.