CVE-2006-6543 - Multiple SQL injection vulnerabilities in login.asp in AppIntellect SpotLight CRM 1.0 allow remote a

CVE-2006-6543

Summary

Multiple SQL injection vulnerabilities in login.asp in AppIntellect SpotLight CRM 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) login (UserName) and possibly (2) password parameter. NOTE: some of these details are obtained from third party information.

References

http://www.vupen.com/english/advisories/2006/4932
https://exchange.xforce.ibmcloud.com/vulnerabilities/30835
https://www.exploit-db.com/exploits/2907

Vulnerable Configurations

cpe:2.3:a:appintellect:spotlight_crm:1.0:*:*:*:*:*:*:*
cpe:2.3:a:appintellect:spotlight_crm:1.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-10-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

exploit-db	2907
vupen	ADV-2006-4932
xf	spotlight-login-sql-injection(30835)

Last major update

19-10-2017 - 01:29

Published

14-12-2006 - 02:28

Last modified

19-10-2017 - 01:29