CVE-2006-6021 - SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers

CVE-2006-6021

Summary

SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.

References

http://secunia.com/advisories/23017
http://securityreason.com/securityalert/1898
http://www.securityfocus.com/archive/1/451963/100/0/threaded
http://www.securityfocus.com/archive/1/488647/100/100/threaded
http://www.securityfocus.com/bid/21158
https://exchange.xforce.ibmcloud.com/vulnerabilities/30394

Vulnerable Configurations

cpe:2.3:a:bestwebapp:bestwebapp_dating_site:*:*:*:*:*:*:*:*
cpe:2.3:a:bestwebapp:bestwebapp_dating_site:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:46)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	21158
bugtraq	20061117 Dating Site [ login bypass & xss] 20080222 [Aria-Security.Net] BestWebApp Dating System SQL Injection
secunia	23017
sreason	1898
xf	datingsite-login-sql-injection(30394)

Last major update

17-10-2018 - 21:46

Published

21-11-2006 - 23:07

Last modified

17-10-2018 - 21:46