Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2255

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2255
Last Modified 07 Mar 2011 09:35:49
Published 09 May 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2255

Summary

Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.

Vulnerable Systems

Application

  • Creative Software Community Portal 1.1


References

VUPEN - ADV-2006-1688

SECUNIA - 19999

XF - ccportal-multiple-sql-injection(26313)

BID - 17890

OSVDB - 25312

OSVDB - 25311

OSVDB - 25310

OSVDB - 25309

OSVDB - 25308

OSVDB - 25307

MISC - http://pridels0.blogspot.com/2006/05/creative-community-portal-vuln.html


Last Updated: 27 May 2016 10:42:24