CVE-2006-6269 - Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to exe

CVE-2006-6269

Summary

Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in rating.asp, (2) the mealid parameter in meal_rest.asp, and (3) the resid parameter in res_details.asp.

References

http://securityreason.com/securityalert/1981
http://www.securityfocus.com/archive/1/451970/100/200/threaded

Vulnerable Configurations

cpe:2.3:a:infinity_technologies:infinitytechs_restaurants_cm:*:*:*:*:*:*:*:*
cpe:2.3:a:infinity_technologies:infinitytechs_restaurants_cm:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 17-10-2018 - 21:47)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bugtraq	20061117 Infinitytechs Restaurants CM
sreason	1981

Last major update

17-10-2018 - 21:47

Published

04-12-2006 - 11:28

Last modified

17-10-2018 - 21:47