CVE-2006-0358

Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://web.archive.org/web/20050303003128/http://powerportal.sourceforge.net/
http://www.securityfocus.com/bid/16279	Exploit
http://www.osvdb.org/27958
http://www.osvdb.org/27957
http://secunia.com/advisories/10172
https://exchange.xforce.ibmcloud.com/vulnerabilities/24196
http://www.securityfocus.com/archive/1/422151/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:powerportal:powerportal:1.1b:::::::*
	cpe:2.3:a:powerportal:powerportal:1.3:::::::*
	cpe:2.3:a:powerportal:powerportal:1.3b:::::::*

Information

Published : 2006-01-22 12:03

Updated : 2018-10-19 08:44

NVD link : CVE-2006-0358

Mitre link : CVE-2006-0358

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

powerportal

powerportal

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://web.archive.org/web/20050303003128/http://powerportal.sourceforge.net/", "name": "http://web.archive.org/web/20050303003128/http://powerportal.sourceforge.net/", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/16279", "name": "16279", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.osvdb.org/27958", "name": "27958", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/27957", "name": "27957", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/10172", "name": "10172", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24196", "name": "powerportal-search-index-xss(24196)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/422151/100/0/threaded", "name": "20060117 PowerPortal Cross-Site Scripting Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0358", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-01-22T20:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:powerportal:powerportal:1.1b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:powerportal:powerportal:1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:powerportal:powerportal:1.3b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:44Z"}