Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0517

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0517
Last Modified 07 Mar 2011 09:30:14
Published 02 Feb 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0517

Summary

Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".

Vulnerable Systems

Application

  • Spip 1.8.2e

  • Spip 1.9 Alpha2 5539


References

MISC - http://www.zone-h.org/en/advisories/read/id=8650/

VUPEN - ADV-2006-0398

SECUNIA - 18676

XF - spip-forum-sql-injection(24397)

BID - 24397

BID - 16458

BUGTRAQ - 20060131 ZRCSA-200601: SPIP - Multiple Vulnerabilities

OSVDB - 22848

OSVDB - 22845

OSVDB - 22844

SECTRACK - 1015556

SREASON - 395


Last Updated: 27 May 2016 10:41:40