ID CVE-2006-3822
Summary SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter. Successful exploitation requires that the 'accumulative feedback' feature is turned on.
References
Vulnerable Configurations
  • cpe:2.3:a:geodesicsolutions:geoauctions_enterprise:1.0.6:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 08-03-2011 - 02:39)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 19093
misc http://www.packetstormsecurity.org/0607-exploits/geoauctionsSQL.txt
secunia 21325
vupen ADV-2006-3133
Last major update 08-03-2011 - 02:39
Published 25-07-2006 - 13:22
Last modified 08-03-2011 - 02:39