Vulnerability CVE-2006-2835


Published: 2006-06-06   Modified: 2012-02-12

Description:
SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php.

See advisories in our WLB2 database:
Topic: Critical sql injection in saphplesson 2.0 (Med.)
Author: black-cod3 hotma...
Date: 08.06.2006

Type: CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial
Affected software: Arabless -> Saphplesson

References:
http://securityreason.com/securityalert/1047
http://www.securityfocus.com/archive/1/435202/100/0/threaded
http://www.securityfocus.com/archive/1/440120
http://www.securityfocus.com/archive/1/472798/100/0/threaded
http://www.securityfocus.com/bid/18117
http://www.securityfocus.com/bid/18934
https://exchange.xforce.ibmcloud.com/vulnerabilities/26757

Copyright 2024, cxsecurity.com

 
