CVE-2006-3236

Sažetak

Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php.

Reference

http://pridels0.blogspot.com/2006/06/thinkwms-sql-injection-vuln.html
http://secunia.com/advisories/20747
http://securitytracker.com/id?1016355
http://www.osvdb.org/26742
http://www.osvdb.org/26743
http://www.securityfocus.com/bid/18567
http://www.vupen.com/english/advisories/2006/2470
https://exchange.xforce.ibmcloud.com/vulnerabilities/27270

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

20-07-2017 - 01:32

Objavljeno

27-06-2006 - 10:05