CVE-2006-6132

Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://s-a-p.ca/index.php?page=OurAdvisories&id=53	Exploit Vendor Advisory URL Repurposed
http://secunia.com/advisories/23068	Exploit Vendor Advisory
http://securityreason.com/securityalert/1920
http://www.securityfocus.com/archive/1/452256/100/0/threaded
http://www.securityfocus.com/bid/21239	Exploit
http://www.vupen.com/english/advisories/2006/4656
https://exchange.xforce.ibmcloud.com/vulnerabilities/30460

Configurations

Configuration 1 (hide)

cpe:2.3:a:softacid:link_exchange_lite:1.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-11-28 01:07

Updated : 2024-02-14 01:17

NVD link : CVE-2006-6132

Mitre link : CVE-2006-6132

CVE.ORG link : CVE-2006-6132

JSON object : View

Products Affected

softacid

link_exchange_lite

CWE

NVD-CWE-Other

{"id": "CVE-2006-6132", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2006-11-28T01:07:00.000", "references": [{"url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=53", "tags": ["Exploit", "Vendor Advisory", "URL Repurposed"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/23068", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/1920", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/452256/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/21239", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/4656", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30460", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyeci\u00f3n SQL en Link Exchange Lite permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s (1) del campo de motor de b\u00fasqueda para search.asp y (2) el par\u00e1metro psearch de linklist.asp."}], "lastModified": "2024-02-14T01:17:43.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softacid:link_exchange_lite:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3392DBEE-5B97-467B-82A8-73C3C00712D1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}