Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2006-0444
Last Modified: 07 Mar 2011 09:30:03
Published: 26 Jan 2006 05:03:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2006-0444

Summary

SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page. NOTE: the poll_id vector can also allow resultant cross-site scripting (XSS) from an unquoted error message for invalid SQL syntax.

Vulnerable Systems

Application

  • Phpclanwebsite 1.23.1


References

BID - 16391

SECUNIA - 18597

VUPEN - ADV-2006-0342

BUGTRAQ - 20060125 HYSA-2006-002 Phpclanwebsite 1.23.1 Multiple Vulnerabilities

OSVDB - 22722

OSVDB - 22720

MISC - http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt

XF - phpclanwebsite-index-sql-injection(24355)


Last Updated: 27 May 2016 10:41:39