ID |
CVE-2006-1347
|
Summary |
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. Vulnerability can only be exploited if the "magic_quotes_gpc" parameter is set to Off. |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:greg_neustaetter:gcards:1.43:*:*:*:*:*:*:*
- cpe:2.3:a:greg_neustaetter:gcards:1.44:*:*:*:*:*:*:*
- cpe:2.3:a:greg_neustaetter:gcards:*:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.5 (as of 11-10-2017 - 01:30) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | PARTIAL | PARTIAL |
|
cvss-vector (via4) | AV:N/AC:L/Au:N/C:P/I:P/A:P |
|
refmap (via4) |
bid | 17165 |
exploit-db | 1595 |
osvdb | 24017 |
secunia | 19322 |
vim | 20060414 Provable vendor ACK for gcards issues |
vupen | ADV-2006-1015 |
xf | gcards-loginfunction-sql-injection(25344) |
|
Last major update |
11-10-2017 - 01:30 |
Published |
22-03-2006 - 01:02 |
Last modified |
11-10-2017 - 01:30 |