Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3135

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3135
Last Modified 07 Mar 2011 09:37:56
Published 13 Jul 2006 05:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3135

Summary

Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.

Vulnerable Systems

Application

  • Hotwebscripts Cms Mundo 1.0 Build 008


References

VUPEN - ADV-2006-2783

MISC - http://secunia.com/secunia_research/2006-52/advisory/

SECUNIA - 20589

XF - cmsmundo-index-sql-injection(27712)

OSVDB - 27143

OSVDB - 27142

OSVDB - 27141

OSVDB - 27140

OSVDB - 27139

SREASON - 1236


Last Updated: 27 May 2016 10:42:54