SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:13
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html - | |
References | () http://secunia.com/advisories/20876 - Vendor Advisory | |
References | () http://secunia.com/advisories/20878 - Vendor Advisory | |
References | () http://securityreason.com/securityalert/1200 - | |
References | () http://securitytracker.com/id?1016405 - | |
References | () http://www.securityfocus.com/archive/1/438710/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/18715 - | |
References | () http://www.vupen.com/english/advisories/2006/2595 - Vendor Advisory | |
References | () http://www.vupen.com/english/advisories/2006/2596 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/27545 - |
Information
Published : 2006-07-07 00:05
Updated : 2024-11-21 00:13
NVD link : CVE-2006-3430
Mitre link : CVE-2006-3430
CVE.ORG link : CVE-2006-3430
JSON object : View
Products Affected
novell
- zenworks
lumension
- patchlink_update_server
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')