Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.1
CVE Id CVE-2006-1641
Last Modified 07 Mar 2011 09:33:28
Published 06 Apr 2006 06:04:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-1641

Summary

Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to (c) dpost.php.

Vulnerable Systems

Application

  • Czaries Network Czarnews 1.13b

  • Czaries Network Czarnews 1.14


References

VUPEN - ADV-2006-1237

SECUNIA - 19541

MISC - http://evuln.com/vulns/118/summary.html

XF - czarnews-multiple-sql-injection(25624)

BID - 17380

BUGTRAQ - 20060417 [eVuln] CzarNews XSS and Multiple SQL Injection Vulnerabilities

OSVDB - 24384

OSVDB - 24383

OSVDB - 24382

SECTRACK - 1015957


Last Updated: 27 May 2016 10:42:09