CVE-2006-2128

Sažetak

Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php.

Reference

http://evuln.com/vulns/130/summary.html
http://secunia.com/advisories/19882
http://soot.shabgard.org/bugs/propublish.txt
http://www.osvdb.org/25124
http://www.osvdb.org/25125
http://www.osvdb.org/25126
http://www.osvdb.org/25127
http://www.securityfocus.com/archive/1/435787/100/0/threaded
http://www.securityfocus.com/bid/17762
http://www.vupen.com/english/advisories/2006/1578
https://exchange.xforce.ibmcloud.com/vulnerabilities/26148

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

18-10-2018 - 16:38

Objavljeno

01-05-2006 - 23:02