CVE-2006-1685 - Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and

CVE-2006-1685

Summary

Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid.

References

Vulnerable Configurations

cpe:2.3:a:apt:apt-webshop-system:3.0:*:basic:*:*:*:*:*
cpe:2.3:a:apt:apt-webshop-system:3.0:*:basic:*:*:*:*:*
cpe:2.3:a:apt:apt-webshop-system:3.0:*:light:*:*:*:*:*
cpe:2.3:a:apt:apt-webshop-system:3.0:*:light:*:*:*:*:*
cpe:2.3:a:apt:apt-webshop-system:4.0:*:pro:*:*:*:*:*
cpe:2.3:a:apt:apt-webshop-system:4.0:*:pro:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	17425
misc	http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html
secunia	19592
vupen	ADV-2006-1293
xf	apt-webshop-sql-injection(25731)

Last major update

20-07-2017 - 01:30

Published

11-04-2006 - 00:02

Last modified

20-07-2017 - 01:30