Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0570

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0570
Last Modified 07 Mar 2011 09:30:21
Published 07 Feb 2006 01:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0570

Summary

Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors in the administrative interface.

Vulnerable Systems

Application

  • Hinton Design Phpstatus 1.0


References

VUPEN - ADV-2006-0450

MISC - http://evuln.com/vulns/61/summary.html

BID - 16587

BUGTRAQ - 20060212 [eVuln] phpstatus Authentication Bypass

SREASON - 427

SECUNIA - 18791


Last Updated: 27 May 2016 10:41:42