CVE-2006-2508

SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/18044	Exploit
http://secunia.com/advisories/20213	Vendor Advisory
http://www.osvdb.org/25691	Exploit
http://www.osvdb.org/25692	Exploit
http://securityreason.com/securityalert/931
http://www.vupen.com/english/advisories/2006/1897
https://exchange.xforce.ibmcloud.com/vulnerabilities/26570
https://exchange.xforce.ibmcloud.com/vulnerabilities/26569
http://www.securityfocus.com/archive/1/434527/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:yourfreeworld:stylish_text_ads_script:*:*:*:*:*:*:*:*

Information

Published : 2006-05-22 12:02

Updated : 2018-10-18 09:40

NVD link : CVE-2006-2508

Mitre link : CVE-2006-2508

JSON object : View

CWE

NVD-CWE-Other

Products Affected

yourfreeworld

stylish_text_ads_script

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/18044", "name": "18044", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/20213", "name": "20213", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/25691", "name": "25691", "tags": ["Exploit"], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/25692", "name": "25692", "tags": ["Exploit"], "refsource": "OSVDB"}, {"url": "http://securityreason.com/securityalert/931", "name": "931", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/1897", "name": "ADV-2006-1897", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26570", "name": "yourfreeworld-tr1-advertise-xss(26570)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26569", "name": "yourfreeworld-tr1-advertise-sql-injection(26569)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/434527/100/0/threaded", "name": "20060519 Yourfreeworld Styleish Text Ads Script", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-2508", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-05-22T19:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:yourfreeworld:stylish_text_ads_script:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:40Z"}

6.4 /10