Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-3012
Last Modified 07 Mar 2011 09:37:28
Published 19 Jun 2006 06:02:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3012

Summary

SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php.

Vulnerable Systems

Application

  • Eschew.net Phpbannerexchange 2.0

  • Eschew.net Phpbannerexchange 2.0 Update 1

  • Eschew.net Phpbannerexchange 2.0 Update 2

  • Eschew.net Phpbannerexchange 2.0 Update 3

  • Eschew.net Phpbannerexchange 2.0 Update 4

  • Eschew.net Phpbannerexchange 2.0 Update 5


References

BID - 18448

BUGTRAQ - 20060615 Advisory: Authentication bypass in phpBannerExchange

VUPEN - ADV-2006-2402

MISC - http://www.redteam-pentesting.de/advisories/rt-sa-2006-004.txt

CONFIRM - http://www.eschew.net/scripts/phpbe/2.0/releasenotes.php

XF - phpbannerexchange-stats-sql-injection(27195)

OSVDB - 26510


Last Updated: 27 May 2016 10:42:51