CVE-2006-6090

Опубликовано: 24 нояб. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp.

Ссылки

http://s-a-p.ca/index.php?page=OurAdvisories&id=35
Exploit
Vendor Advisory
URL Repurposed
http://secunia.com/advisories/22943
Vendor Advisory
http://securityreason.com/securityalert/1913
http://www.securityfocus.com/archive/1/451846/100/100/threaded
http://www.securityfocus.com/bid/21111
Exploit
http://www.vupen.com/english/advisories/2006/4579
https://exchange.xforce.ibmcloud.com/vulnerabilities/30342
https://exchange.xforce.ibmcloud.com/vulnerabilities/30343
http://s-a-p.ca/index.php?page=OurAdvisories&id=35
Exploit
Vendor Advisory
URL Repurposed
http://secunia.com/advisories/22943
Vendor Advisory
http://securityreason.com/securityalert/1913
http://www.securityfocus.com/archive/1/451846/100/100/threaded
http://www.securityfocus.com/bid/21111
Exploit
http://www.vupen.com/english/advisories/2006/4579
https://exchange.xforce.ibmcloud.com/vulnerabilities/30342
https://exchange.xforce.ibmcloud.com/vulnerabilities/30343

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:baalasp:smart_form_portal:*:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01233

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-6372-96rp-x8m8

github

почти 4 года назад