CVE-2006-2508

Sažetak

SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php.

Reference

http://secunia.com/advisories/20213
http://securityreason.com/securityalert/931
http://www.osvdb.org/25691
http://www.osvdb.org/25692
http://www.securityfocus.com/archive/1/434527/100/0/threaded
http://www.securityfocus.com/bid/18044
http://www.vupen.com/english/advisories/2006/1897
https://exchange.xforce.ibmcloud.com/vulnerabilities/26569
https://exchange.xforce.ibmcloud.com/vulnerabilities/26570

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:P

Zadnje važnije ažuriranje

18-10-2018 - 16:40

Objavljeno

22-05-2006 - 19:02