RSS   Vulnerabilities for 'Selectapix'   RSS

2006-06-09
 
CVE-2006-2913

 

 
Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php.

 
 
CVE-2006-2912

CWE-Other
 

 
Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php.

 
2006-05-31
 
CVE-2006-2722

 

 
SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources.

 
2006-05-19
 
CVE-2006-2463

 

 
view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top