CVE-2006-5450

SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/20607	Exploit
http://secunia.com/advisories/22493	Vendor Advisory
http://www.osvdb.org/29901
http://securityreason.com/securityalert/1757
http://www.vupen.com/english/advisories/2006/4130
https://exchange.xforce.ibmcloud.com/vulnerabilities/29683
http://www.securityfocus.com/archive/1/449227/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:kinesis:kinesis_interactive_cinema_system:*:*:*:*:*:*:*:*

Information

Published : 2006-10-23 10:07

Updated : 2018-10-17 14:42

NVD link : CVE-2006-5450

Mitre link : CVE-2006-5450

JSON object : View

CWE

NVD-CWE-Other

Products Affected

kinesis

kinesis_interactive_cinema_system

7.5 /10