Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-3662
Last Modified: 05 Sep 2008 05:07:43
Published: 18 Jul 2006 11:47:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-3662

Summary

** DISPUTED ** SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1.

Vulnerable Systems

Application

  • Adaptive Technology Resource Centre ATutor 1.5.3


References

XF - atutor-index-sql-injection(27620)

BID - 18898

BUGTRAQ - 20060711 Re: ATutor 1.5.3 Cross Site Scripting

BUGTRAQ - 20060708 ATutor 1.5.3 Cross Site Scripting

BUGTRAQ - 20060721 Re: ATutor 1.5.3 Cross Site Scripting

OSVDB - 28188


Last Updated: 27 May 2016 10:43:05