CVE-2006-0693

Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the (1) login and (2) password parameters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.evuln.com/vulns/68/summary.html	Vendor Advisory
http://www.securityfocus.com/bid/16632
http://secunia.com/advisories/18856
http://securityreason.com/securityalert/453
http://www.vupen.com/english/advisories/2006/0523
https://exchange.xforce.ibmcloud.com/vulnerabilities/24578
http://www.securityfocus.com/archive/1/425364/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:roberto_butti:calimba:0.99.1:::::::*
	cpe:2.3:a:roberto_butti:calimba:0.99.2_beta:::::::*

Information

Published : 2006-02-15 03:06

Updated : 2018-10-19 08:45

NVD link : CVE-2006-0693

Mitre link : CVE-2006-0693

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

roberto_butti

calimba

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.evuln.com/vulns/68/summary.html", "name": "http://www.evuln.com/vulns/68/summary.html", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/16632", "name": "16632", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/18856", "name": "18856", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/453", "name": "453", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/0523", "name": "ADV-2006-0523", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24578", "name": "calimba-rbauth-sql-injection(24578)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/425364/100/0/threaded", "name": "20060217 [eVuln] CALimba Authentication Bypass Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the (1) login and (2) password parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0693", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-02-15T11:06Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:roberto_butti:calimba:0.99.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:roberto_butti:calimba:0.99.2_beta:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:45Z"}