CVE-2006-6246

critical

Description

Photo Organizer 2.32b and earlier does not properly check the ownership of certain objects, which allows remote attackers to gain unauthorized access via vectors related to (1) camera del, (2) camera edit, (3) folder/album deletion, (4) photo.move, (5) content.indexer, (6) folder.content, and possibly other operations.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30577

http://www.vupen.com/english/advisories/2006/4766

http://www.securityfocus.com/bid/21351

http://secunia.com/advisories/23176

http://po.shaftnet.org/po_stable_changelog

http://bugs.shaftnet.org/task/113

Details

Source: Mitre, NVD

Published: 2006-12-04

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.0111