Vulnerability CVE-2006-3111
Published: 2006-06-20   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Chipmailer -> Chipmailer 

 References:
http://www.vupen.com/english/advisories/2006/2359
http://securitytracker.com/id?1016315
http://secunia.com/advisories/20643
http://marc.theaimsgroup.com/?l=bugtraq&m=115024576618386&w=2
http://xforce.iss.net/xforce/xfdb/27158
http://www.securityfocus.com/bid/18463
Copyright 2024, cxsecurity.com

 

Back to Top