Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2062

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-2062
Last Modified 03 Nov 2008 01:18:51
Published 26 Apr 2006 04:06:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2062

Summary

Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, and probably the Network Version "Full Version", allow remote attackers to execute arbitrary SQL commands via the (1) banner parameter in agent_links.pl; the offset parameter in (2) agent_links.pl, (3) agent_transactions.pl, (4) agent_subaffiliates.pl, and (5) agent_summary.pl; the camp_id parameter in (6) agent_transactions_csv.pl, (7) agent_subaffiliates.pl, and (8) agent_camp_det.pl; the (9) login parameter in agent_commission_statement.pl; the logged parameter in (10) agent_commission_statement.pl and (11) agent_camp_det.pl; the (12) agent_id parameter in agent_commission_statement.pl; and the (13) sub parameter in unspecified files.

Vulnerable Systems

Application

  • Leadhound Network Leadhound Full 2.1

  • Leadhound Network Leadhound Full 2.1 Network Version

  • Leadhound Network Leadhound Lite 2.1


References

OSVDB - 25029

OSVDB - 25028

OSVDB - 25027

OSVDB - 25026

OSVDB - 25025

OSVDB - 25024

OSVDB - 25023

SECUNIA - 19867

MISC - http://pridels0.blogspot.com/2006/04/leadhound-multiple-vuln.html


Last Updated: 27 May 2016 10:42:19