Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3359

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3359
Last Modified 05 Sep 2008 05:06:54
Published 06 Jul 2006 04:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3359

Summary

Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 PRO allow remote attackers to inject arbitrary web script or HTML via the (1) words, (2) id, (3) topmenuitem, and (4) cat_id parameters in (a) index.php; and the (5) category parameter in (b) inc/rss_feed.php.

Vulnerable Systems

Application

  • Newsphp 2006 Pro


References

BUGTRAQ - 20060629 NewsPHP 2006 PRO XSS SQL injection Vulnerability

XF - newsphp-rssfeed-sql-injection(27509)

BID - 18726

OSVDB - 26978

SREASON - 1188


Last Updated: 27 May 2016 10:42:58