Vulnerability CVE-2006-0669


Published: 2006-02-13   Modified: 2012-02-12

Description:
** DISPUTED ** Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Gasoft -> Gas forum light 

 References:
http://www.securityfocus.com/bid/16563
http://www.attrition.org/pipermail/vim/2006-February/000561.html
http://securitytracker.com/id?1015600
http://xforce.iss.net/xforce/xfdb/24616
http://www.osvdb.org/23509
