PT-2006-3670 · Unknown · Open Searchable Image Catalogue

Nenad Jovanovic · Published 2006-06-01 · Updated 2018-10-18 · CVE-2006-2750

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Open Searchable Image Catalogue (OSIC) versions prior to 0.7.0.1

Description

A cross-site scripting (XSS) issue exists in the do_mysql_query function in core.php. It allows remote attackers to inject arbitrary web script or HTML via failed SQL queries, whose content is reflected in an error message.

Recommendations

For versions prior to 0.7.0.1, update to version 0.7.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the do_mysql_query function in core.php to minimize the risk of exploitation.
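
The class of flaw described above, a failed SQL query echoed into an error page, is shown next to two ways of handling it. This is an added example, not OSIC's code and not taken from the advisory; every function name, the query and the error text are hypothetical or constructed.

```php
<?php
declare(strict_types=1);

// Added illustration with hypothetical names; this is not OSIC's core.php.

// Pattern the advisory describes: the failed query is echoed into the page as-is.
function render_query_error_reflected(string $sql, string $dbError): string
{
    return "<p class=\"error\">Query failed: $sql ($dbError)</p>";
}

// Minimum fix: encode everything that reaches the HTML context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_query_error_encoded(string $sql, string $dbError): string
{
    return '<p class="error">Query failed: ' . h($sql) . ' (' . h($dbError) . ')</p>';
}

// Preferred: keep query text out of the response; log it under a reference id.
function render_query_error_generic(string $sql, string $dbError): string
{
    $ref = bin2hex(random_bytes(4));
    // Replace control characters so the query cannot forge extra log lines.
    $flat = preg_replace('/[\x00-\x1F\x7F]/', ' ', "$dbError; sql=$sql");
    error_log("[query-error $ref] $flat");
    return '<p class="error">A database error occurred (ref ' . h($ref) . ').</p>';
}

// Constructed sample: a search term carrying markup ends up in a query that fails.
$term = '<i>constructed-marker</i>';
$sql = "SELECT id FROM images WHERE title = '$term' ORDER BY";
$dbError = 'You have an error in your SQL syntax'; // constructed error text

echo render_query_error_reflected($sql, $dbError), PHP_EOL; // markup reaches the page intact
echo render_query_error_encoded($sql, $dbError), PHP_EOL;   // markup arrives as &lt;i&gt;...
echo render_query_error_generic($sql, $dbError), PHP_EOL;   // no query text in the response
```

The generic variant also stops the error page from disclosing query structure, which output encoding alone does not address.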

Fix


Related identifiers

CVE-2006-2750

Affected products

Open Searchable Image Catalogue