CVE-2006-2541

Опубликовано: 23 мая 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp.

Ссылки

http://secunia.com/advisories/20190
Vendor Advisory
http://securityreason.com/securityalert/946
http://www.kapda.ir/advisory-327.html
Exploit
Vendor Advisory
http://www.osvdb.org/25707
http://www.securityfocus.com/archive/1/434575/100/0/threaded
http://www.securityfocus.com/bid/18043
Exploit
http://www.vupen.com/english/advisories/2006/1889
https://exchange.xforce.ibmcloud.com/vulnerabilities/26577
https://www.exploit-db.com/exploits/1807
http://secunia.com/advisories/20190
Vendor Advisory
http://securityreason.com/securityalert/946
http://www.kapda.ir/advisory-327.html
Exploit
Vendor Advisory
http://www.osvdb.org/25707
http://www.securityfocus.com/archive/1/434575/100/0/threaded
http://www.securityfocus.com/bid/18043
Exploit
http://www.vupen.com/english/advisories/2006/1889
https://exchange.xforce.ibmcloud.com/vulnerabilities/26577
https://www.exploit-db.com/exploits/1807

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:john_andersson:zixforum:1.12:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01976

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-j3rc-245m-g2fr

github

почти 4 года назад