CVE-2006-2749

SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters.

Published: 2006-06-01 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]

NVD Status：Modified，CVE State: published

View at NVD, CVE.org, EUVD

Conclusion & alert: CVE-2006-2749 is rated Moderate Risk (52.9/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.63%). Mandatory action: Review affected assets and schedule remediation.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Exploit prediction scoring system (EPSS) score for CVE-2006-2749

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2024-12-17	0.88%	0.63%	-0.25%
2	2023-07-28	1.64%	0.88%	-0.76%
3	2023-05-13	—	1.64%	—

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2006-2749

CVSS metrics for this CVE.

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
6.4	2.0	MEDIUM	`AV:N/AC:L/Au:N/C:P/I:P/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:L) Exploitation conditions are straightforward and predictable. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	10.0	4.9	[email protected]

Weakness enumeration for CVE-2006-2749

NVD evaluator notes for CVE-2006-2749

Solution: Upgrade to version 0.7.0.1

Affected software / configurations for CVE-2006-2749

Vendor	Product	Version	Raw CPE
open_searchable_image_catalogue	open_searchable_image_catalogue	<= 0.7.0.0	cpe:2.3:a:open_searchable_image_catalogue:open_searchable_image_catalogue::::::::

References for CVE-2006-2749

URL	Tags
http://secunia.com/advisories/20341	Vendor Advisory
http://securityreason.com/securityalert/1014
http://securitytracker.com/id?1016178
http://sourceforge.net/forum/forum.php?forum_id=576483
http://svn.sourceforge.net/viewcvs.cgi/osic-win/branches/osic_0-7/osic/search.php?view=markup&rev=477
http://www.seclab.tuwien.ac.at/advisories/TUVSA-0605-001.txt	Vendor Advisory
http://www.securityfocus.com/archive/1/435380/100/0/threaded
http://www.securityfocus.com/bid/18169

cvelogic Threat Intelligence