CVE-2006-4978

Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.morx.org/phpquiz.txt	Exploit
http://secunia.com/advisories/22015	Vendor Advisory
http://securityreason.com/securityalert/1627
http://www.securityfocus.com/bid/20065
http://www.vupen.com/english/advisories/2006/3693
https://exchange.xforce.ibmcloud.com/vulnerabilities/28993
https://www.exploit-db.com/exploits/2376
http://www.securityfocus.com/archive/1/446315/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:walter_beschmout:phpquiz:*:*:*:*:*:*:*:*

Information

Published : 2006-09-24 18:07

Updated : 2018-10-17 14:40

NVD link : CVE-2006-4978

Mitre link : CVE-2006-4978

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

walter_beschmout

phpquiz

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.morx.org/phpquiz.txt", "name": "http://www.morx.org/phpquiz.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/22015", "name": "22015", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/1627", "name": "1627", "tags": [], "refsource": "SREASON"}, {"url": "http://www.securityfocus.com/bid/20065", "name": "20065", "tags": [], "refsource": "BID"}, {"url": "http://www.vupen.com/english/advisories/2006/3693", "name": "ADV-2006-3693", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28993", "name": "phpquiz-score-sql-injection(28993)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/2376", "name": "2376", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/archive/1/446315/100/0/threaded", "name": "20060916 PHPQuiz Multiple Remote Vulnerabilites", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-4978", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-09-25T01:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:walter_beschmout:phpquiz:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:40Z"}