CVE-2006-1560

Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) browse.php, (b) category.php, (c) gallery.php, (d) poll.php, and (e) possibly other unspecified scripts. NOTE: portions of the description details are obtained from third party information.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://evuln.com/vulns/110
http://secunia.com/advisories/19391
http://securityreason.com/securityalert/680
http://www.osvdb.org/24265
http://www.osvdb.org/24266
http://www.osvdb.org/24267
http://www.osvdb.org/24268
http://www.securityfocus.com/archive/1/430311/100/0/threaded
http://www.securityfocus.com/archive/1/430478/100/0/threaded
http://www.securityfocus.com/bid/17301
http://www.vupen.com/english/advisories/2006/1152
https://exchange.xforce.ibmcloud.com/vulnerabilities/25512

Configurations

Configuration 1 (hide)

cpe:2.3:a:skintech:phpnewsmanager:1.48:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-03-31 11:06

Updated : 2018-10-18 16:33

NVD link : CVE-2006-1560

Mitre link : CVE-2006-1560

CVE.ORG link : CVE-2006-1560

JSON object : View

Products Affected

skintech

phpnewsmanager

CWE

NVD-CWE-Other

{"id": "CVE-2006-1560", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-03-31T11:06:00.000", "references": [{"url": "http://evuln.com/vulns/110", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19391", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/680", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24265", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24266", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24267", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24268", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/430311/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/430478/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17301", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1152", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25512", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) browse.php, (b) category.php, (c) gallery.php, (d) poll.php, and (e) possibly other unspecified scripts. NOTE: portions of the description details are obtained from third party information."}], "lastModified": "2018-10-18T16:33:26.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:skintech:phpnewsmanager:1.48:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD44FD4D-0280-46C5-8720-67E819E140B4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}