CVE-2006-2504

Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://user.chol.com/~jyj9782/sec/azboard_advisory.txt	Exploit
http://www.securityfocus.com/bid/17990
http://www.osvdb.org/25527
http://www.osvdb.org/25528
http://secunia.com/advisories/20112
http://securityreason.com/securityalert/928
http://www.vupen.com/english/advisories/2006/1827
https://exchange.xforce.ibmcloud.com/vulnerabilities/26495
http://www.securityfocus.com/archive/1/434010/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:azboard:azboard:*:*:*:*:*:*:*:*

Information

Published : 2006-05-22 12:02

Updated : 2018-10-18 09:40

NVD link : CVE-2006-2504

Mitre link : CVE-2006-2504

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

azboard

azboard

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://user.chol.com/~jyj9782/sec/azboard_advisory.txt", "name": "http://user.chol.com/~jyj9782/sec/azboard_advisory.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/17990", "name": "17990", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/25527", "name": "25527", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/25528", "name": "25528", "tags": [], "refsource": "OSVDB"}, {"url": "http://secunia.com/advisories/20112", "name": "20112", "tags": [], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/928", "name": "928", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/1827", "name": "ADV-2006-1827", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26495", "name": "azboard-list-adminok-sql-injection(26495)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/434010/100/0/threaded", "name": "20060515 Azboard <= 1.0 Multiple Sql Injections", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2504", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-05-22T19:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:azboard:azboard:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:40Z"}