Vulnerability CVE-2006-1685


Published: 2006-04-10   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
APT -> Apt-webshop-system 

 References:
http://www.vupen.com/english/advisories/2006/1293
http://secunia.com/advisories/19592
http://xforce.iss.net/xforce/xfdb/25731
http://www.securityfocus.com/bid/17425
http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html

Copyright 2022, cxsecurity.com

 

Back to Top