CVE-2006-0570 - Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow re

CVE-2006-0570

Summary

Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface.

References

http://evuln.com/vulns/61/summary.html
http://secunia.com/advisories/18791
http://securityreason.com/securityalert/427
http://www.securityfocus.com/archive/1/424842/100/0/threaded
http://www.securityfocus.com/bid/16587
http://www.vupen.com/english/advisories/2006/0450

Vulnerable Configurations

cpe:2.3:a:hinton_design:phpstatus:1.0:*:*:*:*:*:*:*
cpe:2.3:a:hinton_design:phpstatus:1.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	16587
bugtraq	20060212 [eVuln] phpstatus Authentication Bypass
misc	http://evuln.com/vulns/61/summary.html
secunia	18791
sreason	427
vupen	ADV-2006-0450

Last major update

19-10-2018 - 15:45

Published

07-02-2006 - 18:06

Last modified

19-10-2018 - 15:45