Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3474

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3474
Last Modified 05 Sep 2008 05:07:14
Published 10 Jul 2006 04:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3474

Summary

Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php.

Vulnerable Systems

Application

  • Belchior Foundry Vcard Pro


References

XF - vcard-multiple-scripts-sql-injection(27427)

BID - 18699

BUGTRAQ - 20060628 vCard PRO SQL Injection

SREASON - 1230


Last Updated: 27 May 2016 10:43:02