CVE-2006-1571

Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://evuln.com/vulns/114/summary.html
http://secunia.com/advisories/19476	Vendor Advisory
http://www.securityfocus.com/bid/17333
http://www.osvdb.org/24301
http://securityreason.com/securityalert/701
http://www.vupen.com/english/advisories/2006/1182
https://exchange.xforce.ibmcloud.com/vulnerabilities/25565
http://www.securityfocus.com/archive/1/430873/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:r2xdesign:qlitenews:2005-07-01:*:*:*:*:*:*:*

Information

Published : 2006-03-31 16:04

Updated : 2018-10-18 09:33

NVD link : CVE-2006-1571

Mitre link : CVE-2006-1571

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

r2xdesign

qlitenews

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://evuln.com/vulns/114/summary.html", "name": "http://evuln.com/vulns/114/summary.html", "tags": [], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/19476", "name": "19476", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/17333", "name": "17333", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/24301", "name": "24301", "tags": [], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/701", "name": "701", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/1182", "name": "ADV-2006-1182", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25565", "name": "qlitenews-loginprocess-sql-injection(25565)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/430873/100/0/threaded", "name": "20060413 [eVuln] qliteNews SQL Injection Vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1571", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-04-01T00:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:r2xdesign:qlitenews:2005-07-01:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:33Z"}