CVE-2006-1278

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://evuln.com/vulns/95/summary.html", "name": "http://evuln.com/vulns/95/summary.html", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/19224", "name": "19224", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/23851", "name": "23851", "tags": ["Exploit"], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23852", "name": "23852", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23853", "name": "23853", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23854", "name": "23854", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23855", "name": "23855", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23856", "name": "23856", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23857", "name": "23857", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23858", "name": "23858", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23859", "name": "23859", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23860", "name": "23860", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23861", "name": "23861", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23862", "name": "23862", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23863", "name": "23863", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23864", "name": "23864", "tags": [], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1015826", "name": "1015826", "tags": ["Exploit"], "refsource": "SECTRACK"}, {"url": "http://www.securityfocus.com/bid/17090", "name": "17090", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/24106", "name": "24106", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/619", "name": "619", "tags": ["Exploit"], "refsource": "SREASON"}, {"url": "http://osvdb.org/47017", "name": "47017", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.attrition.org/pipermail/vim/2009-August/002246.html", "name": "20090825 @1 File Store PRO SQL injection - the old gray dupe", "tags": [], "refsource": "VIM"}, {"url": "http://osvdb.org/47018", "name": "47018", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securityfocus.com/bid/30182", "name": "30182", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/31063", "name": "31063", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/0943", "name": "ADV-2006-0943", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43724", "name": "filestorepro-download-file-include(43724)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43718", "name": "filestorepro-id-sql-injection(43718)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25183", "name": "filestore-multiple-sql-injection(25183)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/6040", "name": "6040", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/archive/1/428659/100/0/threaded", "name": "20060324 [eVuln] @1 File Store Multiple XSS and SQL Injection Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. NOTE: it was later reported that vectors 12 and 13 also affect @1 File Store PRO 3.2."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1278", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-03-19T11:06Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:upoint:\\@1_file_store:2006.03.07:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:31Z"}