Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2032

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-2032
Last Modified 05 Sep 2008 05:03:29
Published 25 Apr 2006 08:06:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2032

Summary

Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.

Vulnerable Systems

Application

  • Corenews 2.0.1


References

BID - 17655

BUGTRAQ - 20060421 Advisory: CoreNews <= 2.0.1 Multiple Remote Vulnerabilities.

MISC - http://www.nukedx.com/?getxpl=24

XF - corenews-preview-sql-injection(25977)

SREASON - 797


Last Updated: 27 May 2016 10:42:18