Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-0774
Last Modified 07 Mar 2011 09:30:47
Published 18 Feb 2006 07:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0774

Summary

SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID.

Vulnerable Systems

Application

  • Lawrence Osiris Db Esession 1.0.2


References

VUPEN - ADV-2006-0528

BID - 16598

BUGTRAQ - 20060211 DB_eSession deleteSession() SQL injection

OSVDB - 23104

MISC - http://www.gulftech.org/?node=research&article_id=00099-02112006

SECUNIA - 18805

XF - dbesession-deletesession-sql-injection(24673)

BUGTRAQ - 20060501 Re: DB_eSession deleteSession() SQL injection


Last Updated: 27 May 2016 10:41:48