Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1362

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1362
Last Modified 05 Sep 2008 05:01:42
Published 23 Mar 2006 06:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1362

Summary

Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, the (2) catid parameter in (b) articles.asp and (c) programs.asp, and the (3) id parameter in (d) hpages.asp and (e) forum.asp. NOTE: The pages.asp/id vector is already covered by CVE-2006-0870.

Vulnerable Systems

Application

  • Mini-nuke Cms 1.8.2


References

BUGTRAQ - 20060321 Mini-Nuke<=1.8.2 SQL injection (6)

XF - mininuke-multiple-sql-injection(25372)

SREASON - 617

SECUNIA - 18439


Last Updated: 27 May 2016 10:42:02