CVE-2006-1353

Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:aspportal:aspportal:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:aspportal:aspportal:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:aspportal:aspportal:3.1.1:*:*:*:*:*:*:*

Information

Published : 2006-03-21 18:02

Updated : 2018-10-18 09:32


NVD link : CVE-2006-1353

Mitre link : CVE-2006-1353


JSON object : View

Advertisement

dedicated server usa

Products Affected

aspportal

  • aspportal