ID CVE-2006-3559
Summary Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters.
References
Vulnerable Configurations
  • cpe:2.3:a:arif_supriyanto:auracms:1.62:*:*:*:*:*:*:*
    cpe:2.3:a:arif_supriyanto:auracms:1.62:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 18-10-2018 - 16:47)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 18867
bugtraq 20060706 lintah_|adv|_01@2006>=========<[Aura-CMS v1.62]<===>[XSS vulnerable]&[bug]
misc http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt
osvdb 28201
sreason 1226
xf auracms-name-pesan-sql-injection(27705)
Last major update 18-10-2018 - 16:47
Published 13-07-2006 - 00:05
Last modified 18-10-2018 - 16:47
Back to Top