Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-3666

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2006-3666
Last Modified 05 Sep 2008 05:07:44
Published 18 Jul 2006 11:47:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-3666

Summary

SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the 'Search' field, a different vulnerability than CVE-2006-3515.

Vulnerable Systems

Application

  • Myiosoft.com Ajaxportal 3.0


References

XF - ajaxportal-login-search-sql-injection(27644)

BUGTRAQ - 20060709 Re: [KAPDA::#46] - AjaxPortal Authentication Bypass

OSVDB - 27068

SECUNIA - 20985


Last Updated: 27 May 2016 10:43:05