CVE-2006-0205

Sažetak

Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts.

Reference

http://evuln.com/vulns/27/summary.html
http://evuln.com/vulns/28/summary.html
http://secunia.com/advisories/18440
http://securityreason.com/securityalert/345
http://securityreason.com/securityalert/346
http://www.osvdb.org/22358
http://www.securityfocus.com/archive/1/421745/100/0/threaded
http://www.securityfocus.com/archive/1/421746/100/0/threaded
http://www.securityfocus.com/bid/16227
http://www.vupen.com/english/advisories/2006/0185
https://exchange.xforce.ibmcloud.com/vulnerabilities/24105
https://exchange.xforce.ibmcloud.com/vulnerabilities/24108

CVSS

Base:	5.1
Impact:	6.4
Exploitability:	4.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

19-10-2018 - 15:43

Objavljeno

13-01-2006 - 23:03