CVE-2006-6937 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Pensacola Web Designs	Xtremeasp Photogallery	2.0

References

http://aria-security.net/advisory/xtremeg.txt
http://securityreason.com/securityalert/2148
http://www.osvdb.org/31507
http://www.securityfocus.com/archive/1/451786/100/0/threaded
http://www.securityfocus.com/bid/21138Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/30324
http://aria-security.net/advisory/xtremeg.txt
http://securityreason.com/securityalert/2148
http://www.osvdb.org/31507
http://www.securityfocus.com/archive/1/451786/100/0/threaded
http://www.securityfocus.com/bid/21138Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/30324

FAQ

What is CVE-2006-6937?

CVE-2006-6937 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo Gallery allows remote attackers to inject arbitrary SQL commands via the sortorder parameter.

How severe is CVE-2006-6937?

CVE-2006-6937 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-6937?

Check the references section above for vendor advisories and patch information. Affected products include: Pensacola Web Designs Xtremeasp Photogallery.