[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78764

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2006-2128

Date: (C)2006-05-01   (M)2017-07-21 


Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php.

CVSS Score: 7.5Access Vector: NETWORK
Exploit Score: 10.0Access Complexity: LOW
Impact Score: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL





Reference:
BID-17762
SECUNIA-19882
http://www.securityfocus.com/archive/1/archive/1/435787/100/0/threaded
OSVDB-25124
OSVDB-25125
OSVDB-25126
OSVDB-25127
ADV-2006-1578
http://evuln.com/vulns/130/summary.html
http://soot.shabgard.org/bugs/propublish.txt
propublish-multiple-sql-injection(26148)

CWE    1
CWE-89

© 2013 SecPod Technologies