Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-1289
Last Modified 07 Mar 2011 09:32:43
Published 19 Mar 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1289

Summary

Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 and 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, (3) team, (4) level, (5) status, (6) teamname, and (7) teamlead parameters in (a) auth.php; the (8) username, (9) action, and (10) filter parameters in (b) authuser.php; the (11) username parameter in (c) utils.php; the (12) id and (13) date parameters in (d) traffic.php; the (14) username parameter in (e) userstatistics.php; and the (15) USERNAME and (16) PASSWORD parameters in a cookie to (f) chgpwd.php.

Vulnerable Systems

Application

  • Milkeyway Captive Portal 0.1

  • Milkeyway Captive Portal 0.1.1


References

VUPEN - ADV-2006-0968

MISC - http://www.ush.it/team/ascii/hack-milkeway/milkeyway.txt

BID - 17127

BUGTRAQ - 20060316 Milkeyway Multiple Vulnerabilities

XF - milkeyway-admin-sql-injection(25287)

XF - milkeyway-multiple-sql-injection(25281)

MISC - http://www.ush.it/team/ascii/hack-milkeway/advisory.txt

OSVDB - 23931

OSVDB - 23929

OSVDB - 23928

OSVDB - 23927

OSVDB - 23925

SECTRACK - 1015778

SECUNIA - 19258


Last Updated: 27 May 2016 10:42:00