Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1330

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1330
Last Modified 06 Sep 2011 12:00:00
Published 20 Mar 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1330

Summary

Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.

Vulnerable Systems

Application

  • Phpwebsite 0.7.3

  • Phpwebsite 0.8.2

  • Phpwebsite 0.8.3


References

XF - phpwebsite-multiple-sql-injection(25328)

VUPEN - ADV-2006-1039

BID - 17150

BUGTRAQ - 20060413 Re: phpWebsite <= SQL Injection (friend.php) & (article.php)

BUGTRAQ - 20060318 phpWebsite <= SQL Injection (friend.php) & (article.php)

SECUNIA - 19315


Last Updated: 27 May 2016 10:42:02