CVE-2006-2504 - Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to exe

CVE-2006-2504

Summary

Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp.

References

http://secunia.com/advisories/20112
http://securityreason.com/securityalert/928
http://user.chol.com/~jyj9782/sec/azboard_advisory.txt
http://www.osvdb.org/25527
http://www.osvdb.org/25528
http://www.securityfocus.com/archive/1/434010/100/0/threaded
http://www.securityfocus.com/bid/17990
http://www.vupen.com/english/advisories/2006/1827
https://exchange.xforce.ibmcloud.com/vulnerabilities/26495

Vulnerable Configurations

cpe:2.3:a:azboard:azboard:*:*:*:*:*:*:*:*
cpe:2.3:a:azboard:azboard:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2018 - 16:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	17990
bugtraq	20060515 Azboard <= 1.0 Multiple Sql Injections
misc	http://user.chol.com/~jyj9782/sec/azboard_advisory.txt
osvdb	25527 25528
secunia	20112
sreason	928
vupen	ADV-2006-1827
xf	azboard-list-adminok-sql-injection(26495)

Last major update

18-10-2018 - 16:40

Published

22-05-2006 - 19:02

Last modified

18-10-2018 - 16:40