Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2980

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-2980
Last Modified 05 Sep 2008 05:05:56
Published 12 Jun 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2980

Summary

SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter.

Vulnerable Systems

Application

  • Viart Ltd Viart Shop Free 2.5.5 Enterprise

  • Viart Ltd Viart Shop Free 2.5.5 Light

  • Viart Ltd Viart Shop Free 2.5.5 Standard


References

XF - viart-blockforumtopicnew-sql-injection(27684)

CONFIRM - http://www.codetosell.com/downloads/xss_fix.zip

VIM - 20060612 verify of ViArt Shop Free 2.5.5 issue (diff digging)


Last Updated: 27 May 2016 10:42:50