Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2268
Last Modified 07 Mar 2011 12:00:00
Published 09 May 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2268

Summary

SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows remote attackers to bypass authentication and execute arbitrary SQL commands via the admin and ordinary user interface, probably involving the (1) checkuser and (2) checkpass parameters to (a) admin/index.php, and (3) username and (4) password parameters to (b) index.php. NOTE: it was later reported that 0.0.6 is also affected.

Vulnerable Systems

Application

  • Flexcustomer 0.0.1

  • Flexcustomer 0.0.4


References

XF - flexcustomer-usercheek-sql-injection(47651)

XF - flexcustomer-login-sql-injection(26323)

VUPEN - ADV-2006-1690

BID - 17864

BUGTRAQ - 20060506 FlexCustomer <= 0.0.4 sql injection

OSVDB - 25343

OSVDB - 25342

MILW0RM - 7622

SREASON - 858

SECUNIA - 20016


Last Updated: 27 May 2016 10:42:24