CVE-2006-1278

SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. NOTE: it was later reported that vectors 12 and 13 also affect @1 File Store PRO 3.2.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://evuln.com/vulns/95/summary.html	Exploit
http://osvdb.org/47017
http://osvdb.org/47018
http://secunia.com/advisories/19224	Vendor Advisory
http://secunia.com/advisories/31063	Vendor Advisory
http://securityreason.com/securityalert/619	Exploit
http://securitytracker.com/id?1015826	Exploit
http://www.attrition.org/pipermail/vim/2009-August/002246.html
http://www.osvdb.org/23851	Exploit
http://www.osvdb.org/23852
http://www.osvdb.org/23853
http://www.osvdb.org/23854
http://www.osvdb.org/23855
http://www.osvdb.org/23856
http://www.osvdb.org/23857
http://www.osvdb.org/23858
http://www.osvdb.org/23859
http://www.osvdb.org/23860
http://www.osvdb.org/23861
http://www.osvdb.org/23862
http://www.osvdb.org/23863
http://www.osvdb.org/23864
http://www.osvdb.org/24106
http://www.securityfocus.com/archive/1/428659/100/0/threaded
http://www.securityfocus.com/bid/17090
http://www.securityfocus.com/bid/30182	Exploit
http://www.vupen.com/english/advisories/2006/0943	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25183
https://exchange.xforce.ibmcloud.com/vulnerabilities/43718
https://exchange.xforce.ibmcloud.com/vulnerabilities/43724
https://www.exploit-db.com/exploits/6040
http://evuln.com/vulns/95/summary.html	Exploit
http://osvdb.org/47017
http://osvdb.org/47018
http://secunia.com/advisories/19224	Vendor Advisory
http://secunia.com/advisories/31063	Vendor Advisory
http://securityreason.com/securityalert/619	Exploit
http://securitytracker.com/id?1015826	Exploit
http://www.attrition.org/pipermail/vim/2009-August/002246.html
http://www.osvdb.org/23851	Exploit
http://www.osvdb.org/23852
http://www.osvdb.org/23853
http://www.osvdb.org/23854
http://www.osvdb.org/23855
http://www.osvdb.org/23856
http://www.osvdb.org/23857
http://www.osvdb.org/23858
http://www.osvdb.org/23859
http://www.osvdb.org/23860
http://www.osvdb.org/23861
http://www.osvdb.org/23862
http://www.osvdb.org/23863
http://www.osvdb.org/23864
http://www.osvdb.org/24106
http://www.securityfocus.com/archive/1/428659/100/0/threaded
http://www.securityfocus.com/bid/17090
http://www.securityfocus.com/bid/30182	Exploit
http://www.vupen.com/english/advisories/2006/0943	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/25183
https://exchange.xforce.ibmcloud.com/vulnerabilities/43718
https://exchange.xforce.ibmcloud.com/vulnerabilities/43724
https://www.exploit-db.com/exploits/6040

Configurations

Configuration 1 (hide)

cpe:2.3:a:upoint:\@1_file_store:2006.03.07:*:*:*:*:*:*:*

History

21 Nov 2024, 00:08

Information

Published : 2006-03-19 11:06

Updated : 2024-11-21 00:08

NVD link : CVE-2006-1278

Mitre link : CVE-2006-1278

CVE.ORG link : CVE-2006-1278

JSON object : View

Products Affected

upoint

\@1_file_store

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

6.8 /10