Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1766

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-1766
Last Modified 03 Nov 2008 01:17:00
Published 13 Apr 2006 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1766

Summary

Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) getlang and (2) reporeid parameter in (a) index.php, (3) menuid parameter in (b) plugin.php and (c) forumthread.php, and (4) msgid parameter in forumthread.php.

Vulnerable Systems

Application

  • Papoo 2.1.2

  • Papoo 2.1.4

  • Papoo 2.1.5

  • Papoo 3 Beta1


References

XF - papoo-multiple-scripts-sql-injection(25728)

MISC - http://pridels0.blogspot.com/2006/04/papoo-multiple-sql-vuln.html


Last Updated: 27 May 2016 10:42:10