1. CVE-Search
  2. CVE-2006-0065
ID CVE-2006-0065
Summary SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php.
References
Vulnerable Configurations
  • cpe:2.3:a:vego:vego_web_forum:*:*:*:*:*:*:*:*
    cpe:2.3:a:vego:vego_web_forum:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 19-10-2018 - 15:42)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 16107
bugtraq 20060101 [eVuln] VEGO Web Forum SQL Injection Vulnerability
misc http://evuln.com/vulns/1/summary.html
osvdb 22140
secunia 18273
sreason 315
vupen ADV-2006-0003
Last major update 19-10-2018 - 15:42
Published 03-01-2006 - 22:03
Last modified 19-10-2018 - 15:42
Back to Top