CVE-2006-5450 - SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remo

CVE-2006-5450

Summary

SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters.

References

http://secunia.com/advisories/22493
http://securityreason.com/securityalert/1757
http://www.osvdb.org/29901
http://www.securityfocus.com/archive/1/449227/100/0/threaded
http://www.securityfocus.com/bid/20607
http://www.vupen.com/english/advisories/2006/4130
https://exchange.xforce.ibmcloud.com/vulnerabilities/29683

Vulnerable Configurations

cpe:2.3:a:kinesis:kinesis_interactive_cinema_system:*:*:*:*:*:*:*:*
cpe:2.3:a:kinesis:kinesis_interactive_cinema_system:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:42)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	20607
bugtraq	20061019 KICS CMS sql injection
osvdb	29901
secunia	22493
sreason	1757
vupen	ADV-2006-4130
xf	kics-txtpassword-sql-injection(29683)

Last major update

17-10-2018 - 21:42

Published

23-10-2006 - 17:07

Last modified

17-10-2018 - 21:42