CVE-2006-1571 - Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote atta

CVE-2006-1571

Summary

Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. Successful exploitation requires "magic_quotes_gpc" to be disabled.

References

Vulnerable Configurations

cpe:2.3:a:r2xdesign:qlitenews:2005-07-01:*:*:*:*:*:*:*
cpe:2.3:a:r2xdesign:qlitenews:2005-07-01:*:*:*:*:*:*:*

CVSS

Base:	5.1 (as of 18-10-2018 - 16:33)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

refmap via4

bid	17333
bugtraq	20060413 [eVuln] qliteNews SQL Injection Vulnerability
misc	http://evuln.com/vulns/114/summary.html
osvdb	24301
secunia	19476
sreason	701
vupen	ADV-2006-1182
xf	qlitenews-loginprocess-sql-injection(25565)

Last major update

18-10-2018 - 16:33

Published

01-04-2006 - 00:04

Last modified

18-10-2018 - 16:33