CVE-2006-6181 - Multiple SQL injection vulnerabilities in default.asp in ClickTech ClickContact allow remote attacke

CVE-2006-6181

Summary

Multiple SQL injection vulnerabilities in default.asp in ClickTech ClickContact allow remote attackers to execute arbitrary SQL commands via the (1) AlphaSort, (2) In, and (3) orderby parameters.

References

http://secunia.com/advisories/23119
http://www.aria-security.com/forum/showthread.php?t=51
http://www.securityfocus.com/archive/1/452825/100/0/threaded
http://www.securityfocus.com/bid/21302
http://www.vupen.com/english/advisories/2006/4741
https://exchange.xforce.ibmcloud.com/vulnerabilities/30534

Vulnerable Configurations

cpe:2.3:a:clicktech:clickcontact:*:*:*:*:*:*:*:*
cpe:2.3:a:clicktech:clickcontact:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:47)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	21302
bugtraq	20061126 ClickContact SQL Injection
misc	http://www.aria-security.com/forum/showthread.php?t=51
secunia	23119
vupen	ADV-2006-4741
xf	clickcontact-default-sql-injection(30534)

Last major update

17-10-2018 - 21:47

Published

01-12-2006 - 00:28

Last modified

17-10-2018 - 21:47