CVE-2006-6247

Uapplication Uphotogallery - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery 1.1 allow remote attackers to execute arbitrary SQL commands via the ci parameter to (1) slideshow.asp or (2) thumbnails.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Aria-Security Team · textwebappsasp

https://www.exploit-db.com/exploits/29196

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Aria-Security Team · textwebappsasp

https://www.exploit-db.com/exploits/29195

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1950

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/459187/100/0/threaded

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21319

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/30556

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/452827/100/0/threaded

Exploit x_refsource_misc

http://www.aria-security.com/forum/showthread.php?t=53

Scores

EPSS 0.0232

EPSS Percentile 84.9%

Details

Status published

Products (1)

uapplication/uphotogallery 1.1

Published Dec 04, 2006

Tracked Since Feb 18, 2026