CVE-2006-1541

SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.nukedx.com/?viewdoc=22	Exploit
http://www.securityfocus.com/bid/17309
http://www.osvdb.org/24256
http://secunia.com/advisories/19441
http://www.vupen.com/english/advisories/2006/1164
http://marc.info/?l=full-disclosure&m=114367573519326&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/25544
https://www.exploit-db.com/exploits/1623
http://www.securityfocus.com/archive/1/429487/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:ezaspsite:ezaspsite:*:*:*:*:*:*:*:*

Information

Published : 2006-03-30 03:02

Updated : 2018-10-18 09:33

NVD link : CVE-2006-1541

Mitre link : CVE-2006-1541

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

ezaspsite

ezaspsite

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.nukedx.com/?viewdoc=22", "name": "http://www.nukedx.com/?viewdoc=22", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/17309", "name": "17309", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/24256", "name": "24256", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/19441", "name": "19441", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/1164", "name": "ADV-2006-1164", "tags": [], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=full-disclosure&m=114367573519326&w=2", "name": "20060329 EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.", "tags": [], "refsource": "FULLDISC"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25544", "name": "ezaspsite-default-sql-injection(25544)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/1623", "name": "1623", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/archive/1/429487/100/0/threaded", "name": "20060329 EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability.", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1541", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-03-30T11:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ezaspsite:ezaspsite:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.0_rc3"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:33Z"}