Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2532

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-2532
Last Modified 05 Sep 2008 05:04:48
Published 22 May 2006 07:10:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2532

Summary

stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set.

Vulnerable Systems

Application

  • Greg Donald Destiney Rated Images Script 0.5.0


References

BUGTRAQ - 20060521 Destiney Rated Images Script v0.5.0 - XSS Vulnv

XF - destineyris-stats-sql-injection(26603)

SREASON - 940


Last Updated: 27 May 2016 10:42:39