Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2826

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2826
Last Modified 07 Mar 2011 09:37:05
Published 05 Jun 2006 01:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2826

Summary

SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a allows remote attackers to execute arbitrary SQL commands via the id variable, which is set by a client through a query string or a cookie.

Vulnerable Systems

Application

  • Phplib Team Phplib 7.4

  • Phplib Team Phplib 7.4 Pre2


References

XF - phplib-code-execution(24873)

BID - 16801

OSVDB - 23466

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=31885&release_id=396091

SECTRACK - 1016123

SECUNIA - 16902

VUPEN - ADV-2006-0720

MISC - http://www.gulftech.org/?node=research&article_id=00107-03052006


Last Updated: 27 May 2016 10:42:46