| ID |
CVE-2006-1541
|
| Summary |
SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 7.8 (as of 18-10-2018 - 16:33) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| COMPLETE |
NONE |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:C/I:N/A:N
|
| refmap
via4
|
| bid | 17309 | | bugtraq | 20060329 EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability. | | exploit-db | 1623 | | fulldisc | 20060329 EzASPSite <= 2.0 RC3 Remote SQL Injection Exploit Vulnerability. | | misc | http://www.nukedx.com/?viewdoc=22 | | osvdb | 24256 | | secunia | 19441 | | vupen | ADV-2006-1164 | | xf | ezaspsite-default-sql-injection(25544) |
|
| Last major update |
18-10-2018 - 16:33 |
| Published |
30-03-2006 - 11:02 |
| Last modified |
18-10-2018 - 16:33 |
