CVE-2006-4978

Sažetak

Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.

Reference

http://secunia.com/advisories/22015
http://securityreason.com/securityalert/1627
http://www.morx.org/phpquiz.txt
http://www.securityfocus.com/archive/1/446315/100/0/threaded
http://www.securityfocus.com/bid/20065
http://www.vupen.com/english/advisories/2006/3693
https://exchange.xforce.ibmcloud.com/vulnerabilities/28993
https://www.exploit-db.com/exploits/2376

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-10-2018 - 21:40

Objavljeno

25-09-2006 - 01:07