Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2006-1234
Last Modified 07 Mar 2011 09:32:30
Published 14 Mar 2006 02:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1234

Summary

SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.

Vulnerable Systems

Application

  • Dsportal Dscounter 1.2


References

XF - dscounter-index-sql-injection(25190)

VUPEN - ADV-2006-0933

BID - 17112

BUGTRAQ - 20060325 [eVuln] DSCounter 'X-Forwarded-For' SQL Injection Vulnerability

SECTRACK - 1015756

SECUNIA - 19206

MISC - http://evuln.com/vulns/98/summary.html

OSVDB - 23882

SREASON - 627


Last Updated: 27 May 2016 10:41:58