Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-3236
Last Modified: 07 Mar 2011 09:38:08
Published: 27 Jun 2006 06:05:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-3236

Summary

Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php, and the (2) catid parameter in index.php.

Vulnerable Systems

Application

  • Thinkfactory Thinkwms 1.0


References

XF - thinkwms-printarticle-sql-injection(27270)

VUPEN - ADV-2006-2470

BID - 18567

SECTRACK - 1016355

SECUNIA - 20747

OSVDB - 26743

OSVDB - 26742

MISC - http://pridels0.blogspot.com/2006/06/thinkwms-sql-injection-vuln.html


Last Updated: 27 May 2016 10:42:56