CVE-2006-1234

SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.

CVSS v2.0 5.1 MEDIUM

5.1^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability : 4.9 / Impact : 6.4

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://evuln.com/vulns/98/summary.html	Vendor Advisory
http://secunia.com/advisories/19206	Vendor Advisory
http://securityreason.com/securityalert/627
http://securitytracker.com/id?1015756
http://www.osvdb.org/23882
http://www.securityfocus.com/archive/1/428807/100/0/threaded
http://www.securityfocus.com/bid/17112
http://www.vupen.com/english/advisories/2006/0933
https://exchange.xforce.ibmcloud.com/vulnerabilities/25190
http://evuln.com/vulns/98/summary.html	Vendor Advisory
http://secunia.com/advisories/19206	Vendor Advisory
http://securityreason.com/securityalert/627
http://securitytracker.com/id?1015756
http://www.osvdb.org/23882
http://www.securityfocus.com/archive/1/428807/100/0/threaded
http://www.securityfocus.com/bid/17112
http://www.vupen.com/english/advisories/2006/0933
https://exchange.xforce.ibmcloud.com/vulnerabilities/25190

Configurations

Configuration 1 (hide)

cpe:2.3:a:dsportal:dscounter:1.2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:08

Type	Values Removed	Values Added
References	~~() http://evuln.com/vulns/98/summary.html - Vendor Advisory~~	() http://evuln.com/vulns/98/summary.html - Vendor Advisory
References	~~() http://secunia.com/advisories/19206 - Vendor Advisory~~	() http://secunia.com/advisories/19206 - Vendor Advisory
References	~~() http://securityreason.com/securityalert/627 -~~	() http://securityreason.com/securityalert/627 -
References	~~() http://securitytracker.com/id?1015756 -~~	() http://securitytracker.com/id?1015756 -
References	~~() http://www.osvdb.org/23882 -~~	() http://www.osvdb.org/23882 -
References	~~() http://www.securityfocus.com/archive/1/428807/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/428807/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/17112 -~~	() http://www.securityfocus.com/bid/17112 -
References	~~() http://www.vupen.com/english/advisories/2006/0933 -~~	() http://www.vupen.com/english/advisories/2006/0933 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/25190 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/25190 -

Information

Published : 2006-03-14 19:06

Updated : 2024-11-21 00:08

NVD link : CVE-2006-1234

Mitre link : CVE-2006-1234

CVE.ORG link : CVE-2006-1234

JSON object : View

Products Affected

dsportal

dscounter

CWE

NVD-CWE-Other

5.1 /10