Vulnerability CVE-2006-1541
Published: 2006-03-30   Modified: 2012-02-12

Description:
SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None
Affected software
Ezaspsite -> Ezaspsite 

 References:
http://marc.info/?l=full-disclosure&m=114367573519326&w=2
http://www.nukedx.com/?viewdoc=22
http://www.securityfocus.com/archive/1/429487/100/0/threaded
http://www.securityfocus.com/bid/17309
http://www.vupen.com/english/advisories/2006/1164
https://exchange.xforce.ibmcloud.com/vulnerabilities/25544
https://www.exploit-db.com/exploits/1623
Copyright 2024, cxsecurity.com

 

Back to Top