Vulnerability CVE-2006-1571
Published: 2006-03-31   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
qliteNews SQL Injection Vulnerability
alex evuln com
13.04.2006

Type:

CWE-Other

CVSS2 => (AV:N/AC:H/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5.1/10
6.4/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
R2xdesign -> Qlitenews 

 References:
http://evuln.com/vulns/114/summary.html
http://securityreason.com/securityalert/701
http://www.securityfocus.com/archive/1/430873/100/0/threaded
http://www.securityfocus.com/bid/17333
http://www.vupen.com/english/advisories/2006/1182
https://exchange.xforce.ibmcloud.com/vulnerabilities/25565
Copyright 2024, cxsecurity.com

 

Back to Top