Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3318

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2006-3318
Last Modified 05 Aug 2011 12:00:00
Published 29 Jun 2006 05:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2006-3318

Summary

SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters.

Vulnerable Systems

Application

  • Spiffyjr Phpraid 3.0.6


References

XF - phpraid-register-sql-injection(27459)

VUPEN - ADV-2006-2593

BUGTRAQ - 20060629 Secunia Research: phpRaid SQL Injection and File InclusionVulnerabilities

SREASON - 1173

MISC - http://secunia.com/secunia_research/2006-47/advisory/

SECUNIA - 20865


Last Updated: 27 May 2016 10:42:57