Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.1
CVE Id CVE-2006-1238
Last Modified 07 Mar 2011 09:32:30
Published 15 Mar 2006 11:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1238

Summary

SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the $log_userid variable in (1) index.php and (2) admin/index.php.

Vulnerable Systems

Application

  • Dsportal Dslogin 1.0


References

XF - dslogin-index-sql-injection(25194)

XF - dslogin-index-bypass-authentication(25194)

VUPEN - ADV-2006-0953

BID - 17262

BUGTRAQ - 20060327 [eVuln] DSLogin Authentication Bypass Vulnerability

SECTRACK - 1015754

SECUNIA - 19201

MISC - http://evuln.com/vulns/100/summary.html

OSVDB - 23896

SREASON - 637


Last Updated: 27 May 2016 10:41:59