CVE-2006-1000

Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042524.html
http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042525.html
http://secunia.com/advisories/19024	Exploit Vendor Advisory
http://securitytracker.com/id?1015682	Exploit Vendor Advisory
http://www.nukedx.com/?viewdoc=13	Exploit Vendor Advisory
http://www.nukedx.com/?viewdoc=14	Exploit Vendor Advisory
http://www.securityfocus.com/archive/1/426074/100/0/threaded
http://www.securityfocus.com/archive/1/426075/100/0/threaded
http://www.securityfocus.com/bid/16818	Exploit Vendor Advisory
http://www.vupen.com/english/advisories/2006/0749

Configurations

Configuration 1 (hide)

cpe:2.3:a:g2soft:pentacle_in-out_board:6.03:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-03-06 20:06

Updated : 2024-02-04 16:52

NVD link : CVE-2006-1000

Mitre link : CVE-2006-1000

CVE.ORG link : CVE-2006-1000

JSON object : View

Products Affected

g2soft

pentacle_in-out_board

CWE

NVD-CWE-Other

{"id": "CVE-2006-1000", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-03-06T20:06:00.000", "references": [{"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042524.html", "source": "cve@mitre.org"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042525.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19024", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015682", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.nukedx.com/?viewdoc=13", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.nukedx.com/?viewdoc=14", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/426074/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/426075/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16818", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0749", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp."}], "lastModified": "2018-10-18T16:30:09.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:g2soft:pentacle_in-out_board:6.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5F76BA8-3C25-4168-9838-601A1B7FCBC8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}