CVE-2006-5628 - SQL injection vulnerability in login.asp in UNISOR Content Management System (CMS) allows remote att

CVE-2006-5628

Summary

SQL injection vulnerability in login.asp in UNISOR Content Management System (CMS) allows remote attackers to execute arbitrary SQL commands via the (1) user or (2) pass fields.

References

http://securityreason.com/securityalert/1800
http://www.securityfocus.com/archive/1/449905/100/0/threaded
http://www.securityfocus.com/bid/20770
https://exchange.xforce.ibmcloud.com/vulnerabilities/29855

Vulnerable Configurations

cpe:2.3:a:unisor_cms:unisor_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:unisor_cms:unisor_cms:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:44)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	20770
bugtraq	20061027 UNISOR CMS sql injection
sreason	1800
xf	unisorcms-login-sql-injection(29855)

Last major update

17-10-2018 - 21:44

Published

31-10-2006 - 20:07

Last modified

17-10-2018 - 21:44