CVE-2006-6132

Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://s-a-p.ca/index.php?page=OurAdvisories&id=53	Exploit Vendor Advisory
http://www.securityfocus.com/bid/21239	Exploit
http://secunia.com/advisories/23068	Exploit Vendor Advisory
http://securityreason.com/securityalert/1920
http://www.vupen.com/english/advisories/2006/4656
https://exchange.xforce.ibmcloud.com/vulnerabilities/30460
http://www.securityfocus.com/archive/1/452256/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:softacid:link_exchange_lite:1.0:*:*:*:*:*:*:*

Information

Published : 2006-11-27 17:07

Updated : 2018-10-17 14:46

NVD link : CVE-2006-6132

Mitre link : CVE-2006-6132

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

softacid

link_exchange_lite

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=53", "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=53", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/21239", "name": "21239", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/23068", "name": "23068", "tags": ["Exploit", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/1920", "name": "1920", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/4656", "name": "ADV-2006-4656", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30460", "name": "linkexchangelite-linkslist-sql-injection(30460)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/452256/100/0/threaded", "name": "20061121 Link Exchange Lite [injection sql]", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-6132", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-11-28T01:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:softacid:link_exchange_lite:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-17T21:46Z"}