Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0205

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-0205
Last Modified 06 Sep 2011 12:00:00
Published 13 Jan 2006 06:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-0205

Summary

Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts.

Vulnerable Systems

Application

  • Wordcircle 2.17


References

XF - wordcircle-login-security-bypass(24108)

XF - wordcircle-sql-injection(24105)

VUPEN - ADV-2006-0185

BID - 16227

BUGTRAQ - 20060112 [eVuln] Wordcircle Multiple SQL Injection & XSS Vulnerabilities

BUGTRAQ - 20060112 [eVuln] Wordcircle Authentication Bypass

OSVDB - 22358

SREASON - 346

SREASON - 345

SECUNIA - 18440

MISC - http://evuln.com/vulns/28/summary.html

MISC - http://evuln.com/vulns/27/summary.html


Last Updated: 27 May 2016 10:41:34