ID CVE-2006-2504
Summary Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp.
References
Vulnerable Configurations
  • cpe:2.3:a:azboard:azboard:*:*:*:*:*:*:*:*
    cpe:2.3:a:azboard:azboard:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:40)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 17990
bugtraq 20060515 Azboard <= 1.0 Multiple Sql Injections
misc http://user.chol.com/~jyj9782/sec/azboard_advisory.txt
osvdb
  • 25527
  • 25528
secunia 20112
sreason 928
vupen ADV-2006-1827
xf azboard-list-adminok-sql-injection(26495)
Last major update 18-10-2018 - 16:40
Published 22-05-2006 - 19:02
Last modified 18-10-2018 - 16:40
Back to Top