Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2006-1278
Last Modified 08 Aug 2011 12:00:00
Published 19 Mar 2006 06:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2006-1278

Summary

SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. NOTE: it was later reported that vectors 12 and 13 also affect @1 File Store PRO 3.2.

Vulnerable Systems

Application

  • Upoint @1 File Store 2006.03.07


References

XF - filestorepro-download-file-include(43724)

XF - filestorepro-id-sql-injection(43718)

XF - filestore-multiple-sql-injection(25183)

VUPEN - ADV-2006-0943

BID - 30182

BID - 17090

BUGTRAQ - 20060324 [eVuln] @1 File Store Multiple XSS and SQL Injection Vulnerabilities

OSVDB - 24106

OSVDB - 23864

OSVDB - 23863

OSVDB - 23862

OSVDB - 23861

OSVDB - 23860

OSVDB - 23859

OSVDB - 23858

OSVDB - 23857

OSVDB - 23856

OSVDB - 23855

OSVDB - 23854

OSVDB - 23853

OSVDB - 23852

OSVDB - 23851

MILW0RM - 6040

VIM - 20090825 @1 File Store PRO SQL injection - the old gray dupe

SECTRACK - 1015826

SREASON - 619

SECUNIA - 31063

SECUNIA - 19224

OSVDB - 47018

OSVDB - 47017

MISC - http://evuln.com/vulns/95/summary.html


Last Updated: 27 May 2016 10:42:00