ID CVE-2006-1000
Summary Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.
References
Vulnerable Configurations
  • cpe:2.3:a:g2soft:pentacle_in-out_board:6.03:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 18-10-2018 - 16:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 16818
bugtraq
  • 20060225 Advisory: Pentacle In-Out Board <= 6.03 (login.asp) AuthencationByPass Vulnerability
  • 20060225 Advisory: Pentacle In-Out Board <= 6.03 (newsdetailsview.asp newsid) Remote SQL Injection Vulnerability
fulldisc
  • 20060225 Advisory: Pentacle In-Out Board <= 6.03 (login.asp) Authencation ByPass Vulnerability
  • 20060225 Advisory: Pentacle In-Out Board <= 6.03 (newsdetailsview.asp newsid) Remote SQL Injection Vulnerability
misc
sectrack 1015682
secunia 19024
vupen ADV-2006-0749
Last major update 18-10-2018 - 16:30
Published 06-03-2006 - 20:06
Last modified 18-10-2018 - 16:30