Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0775

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-0775
Last Modified 07 Mar 2011 09:30:47
Published 18 Feb 2006 07:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0775

Summary

Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php (date.php) was originally reported, but this appears to be in error.

Vulnerable Systems

Application

  • Ridder Roeland Birthsys 3.1


References

XF - birthsys-show-date-sql-injection(24617)

VUPEN - ADV-2006-0621

MISC - http://www.evuln.com/vulns/74/summary.html

VIM - 20060215 EV0074 BirthSys 3.1 SQL injection (fwd)

BID - 16684

OSVDB - 23185

SREASON - 467

SECUNIA - 18893


Last Updated: 27 May 2016 10:41:48