Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3348

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3348
Last Modified 09 Oct 2008 01:19:42
Published 03 Jul 2006 03:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3348

Summary

Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php.

Vulnerable Systems

Application

  • Swsoft Hspcomplete 3.2.2

  • Swsoft Hspcomplete 3.3 Beta


References

XF - hspcomplete-custombuttons-sql-injection(27379)

MISC - http://pridels0.blogspot.com/2006/06/hspcomplete-vuln.html


Last Updated: 27 May 2016 10:42:58