Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2504

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2504
Last Modified 07 Mar 2011 09:36:19
Published 22 May 2006 03:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2504

Summary

Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp.

Vulnerable Systems

Application

  • Azboard 1.0


References

VUPEN - ADV-2006-1827

BUGTRAQ - 20060515 Azboard <= 1.0 Multiple Sql Injections

MISC - http://user.chol.com/~jyj9782/sec/azboard_advisory.txt

XF - azboard-list-adminok-sql-injection(26495)

BID - 17990

OSVDB - 25528

OSVDB - 25527

SREASON - 928

SECUNIA - 20112


Last Updated: 27 May 2016 10:42:39