Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1685

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-1685
Last Modified 07 Mar 2011 09:33:35
Published 10 Apr 2006 08:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1685

Summary

Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid.

Vulnerable Systems

Application

  • Apt-webshop-system 3.0

  • Apt-webshop-system 4.0


References

VUPEN - ADV-2006-1293

SECUNIA - 19592

XF - apt-webshop-sql-injection(25731)

BID - 17425

MISC - http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html


Last Updated: 27 May 2016 10:42:09