Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0669

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0669
Last Modified 10 Sep 2008 04:01:21
Published 13 Feb 2006 05:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0669

Summary

** DISPUTED ** Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments.

Vulnerable Systems

Application

  • Gasoft Gas Forum Light


References

BID - 16563

VIM - 20060220 vendor dispute for CVE-2006-0669

SECTRACK - 1015600

XF - gasforumlight-archive-sql-injection(24616)

OSVDB - 23509


Last Updated: 27 May 2016 10:41:45