Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-3168
Last Modified: 07 Mar 2011 09:37:59
Published: 22 Jun 2006 08:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-3168

Summary

SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters in (b) index.php.

Vulnerable Systems

Application

  • Comscripts Cs-forum 0.81


References

XF - csforum-read-index-sql-injection(27176)

VUPEN - ADV-2006-2314

BUGTRAQ - 20060611 CS-Forum <= 0.81 Cross Site Scripting, SQL Injection, Full Path Disclosure

CONFIRM - http://www.comscripts.com/scripts/php.cs-forum.643.html

MISC - http://www.acid-root.new.fr/advisories/csforum081.txt

SECUNIA - 20534

OSVDB - 26383

OSVDB - 26382

SREASON - 1124


Last Updated: 27 May 2016 10:42:54