CVE-2006-0313

Sažetak

Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php.

Reference

http://secunia.com/advisories/18459
http://sourceforge.net/project/shownotes.php?release_id=382411&group_id=122682
http://www.osvdb.org/22403
http://www.osvdb.org/22404
http://www.osvdb.org/22405
http://www.osvdb.org/22406
http://www.osvdb.org/22407
http://www.osvdb.org/22408
http://www.osvdb.org/22409
http://www.osvdb.org/22410
http://www.osvdb.org/22411
http://www.osvdb.org/22412
http://www.osvdb.org/22413
http://www.osvdb.org/22414
http://www.osvdb.org/22415
http://www.securityfocus.com/bid/16273
http://www.vupen.com/english/advisories/2006/0231

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-03-2011 - 02:29

Objavljeno

19-01-2006 - 01:03