ID CVE-2006-3792
Summary SQL injection vulnerability in ServerClientUfo::recv_packet in server_protocol.cpp in UFO2000 svn 1057 allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving the packet.c_str function.
References
Vulnerable Configurations
  • cpe:2.3:a:ufo2000:ufo2000:*:*:*:*:*:*:*:*
    cpe:2.3:a:ufo2000:ufo2000:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 17-10-2018 - 21:30)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 19028
bugtraq 20060716 Multiple vulnerabilities in UFO2000 svn 1057
confirm http://svn.sourceforge.net/viewcvs.cgi/ufo2000/trunk/src/server_protocol.cpp?view=log
gentoo GLSA-200702-10
misc http://aluigi.altervista.org/adv/ufo2ko-adv.txt
sectrack 1016503
secunia
  • 21091
  • 24297
sreason 1259
vupen ADV-2006-2837
xf ufo2000-serverprotocol-sql-injection(27816)
Last major update 17-10-2018 - 21:30
Published 24-07-2006 - 12:19
Last modified 17-10-2018 - 21:30
Back to Top