CVE-2006-3135

Sažetak

Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.

Reference

http://secunia.com/advisories/20589
http://secunia.com/secunia_research/2006-52/advisory/
http://securityreason.com/securityalert/1236
http://www.osvdb.org/27139
http://www.osvdb.org/27140
http://www.osvdb.org/27141
http://www.osvdb.org/27142
http://www.osvdb.org/27143
http://www.vupen.com/english/advisories/2006/2783
https://exchange.xforce.ibmcloud.com/vulnerabilities/27712

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-07-2017 - 01:32

Objavljeno

13-07-2006 - 21:05