Vulnerability CVE-2006-0313
Published: 2006-01-18   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Pdfdirectory -> Pdfdirectory 

 References:
http://www.securityfocus.com/bid/16273
http://www.osvdb.org/22415
http://www.osvdb.org/22414
http://www.osvdb.org/22413
http://www.osvdb.org/22412
http://www.osvdb.org/22411
http://www.osvdb.org/22410
http://www.osvdb.org/22409
http://www.osvdb.org/22408
http://www.osvdb.org/22407
http://www.osvdb.org/22406
http://www.osvdb.org/22405
http://www.osvdb.org/22404
http://www.osvdb.org/22403
http://sourceforge.net/project/shownotes.php?release_id=382411&group_id=122682
http://secunia.com/advisories/18459
http://www.vupen.com/english/advisories/2006/0231
Copyright 2024, cxsecurity.com

 

Back to Top