[VIM] Confirmed CVE-2005-3986 (Instant Photo Gallery SQL injections)

Steven M. Christey coley at mitre.org
Sun Dec 4 16:37:59 EST 2005


FYI, I confirmed the following Instant Photo Gallery SQL injections
using source code inspection.

- Steve


======================================================
Name: CVE-2005-3986
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3986
Reference: MISC:http://pridels.blogspot.com/2005/11/instant-photo-gallery-sql-inj-vuln.html
Reference: SECUNIA:17841
Reference: URL:http://secunia.com/advisories/17841

Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and
earlier allow remote attackers to execute arbitrary SQL commands via
the (1) cat_id parameter in portfolio.php and (2) cid parameter in
content.php.



