Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1638

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-1638
Last Modified 07 Mar 2011 09:33:28
Published 06 Apr 2006 06:04:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1638

Summary

Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php.

Vulnerable Systems

Application

  • Aweb Labs Awebbb 1.2


References

VUPEN - ADV-2006-1197

SECUNIA - 19486

MISC - http://evuln.com/vulns/117/summary.html

XF - awebbb-multiple-sql-injection(25587)

BID - 17352

BUGTRAQ - 20060415 [eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities

OSVDB - 24352

OSVDB - 24351

OSVDB - 24350

OSVDB - 24349

OSVDB - 24348

OSVDB - 24347

OSVDB - 24346

OSVDB - 24345

OSVDB - 24344

OSVDB - 24343

OSVDB - 24342

OSVDB - 24341

OSVDB - 24340


Last Updated: 27 May 2016 10:42:09