CVE-2006-5840

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-5840
** DISPUTED ** Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the vendor has notified CVE that the current version only creates static pages, and that slistl.php/slid never existed in any version.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://attrition.org/pipermail/vim/2006-December/001190.html
http://s-a-p.ca/index.php?page=OurAdvisories&id=7 URL Repurposed
http://secunia.com/advisories/22792 Vendor Advisory
http://securityreason.com/securityalert/1840
http://www.attrition.org/pipermail/vim/2006-December/001170.html
http://www.osvdb.org/30249
http://www.osvdb.org/30250
http://www.securityfocus.com/archive/1/450946/100/0/threaded
http://www.securityfocus.com/bid/20970 Exploit Patch
http://www.vupen.com/english/advisories/2006/4418 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30135
http://attrition.org/pipermail/vim/2006-December/001190.html
http://s-a-p.ca/index.php?page=OurAdvisories&id=7 URL Repurposed
http://secunia.com/advisories/22792 Vendor Advisory
http://securityreason.com/securityalert/1840
http://www.attrition.org/pipermail/vim/2006-December/001170.html
http://www.osvdb.org/30249
http://www.osvdb.org/30250
http://www.securityfocus.com/archive/1/450946/100/0/threaded
http://www.securityfocus.com/bid/20970 Exploit Patch
http://www.vupen.com/english/advisories/2006/4418 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30135
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:abarcar:abarcar_realty_portal:5.1.5:*:*:*:*:*:*:*
cpe:2.3:a:abarcar:abarcar_realty_portal:6.0.1:*:*:*:*:*:*:*
History

21 Nov 2024, 00:20

Type Values Removed Values Added
References () http://attrition.org/pipermail/vim/2006-December/001190.html - () http://attrition.org/pipermail/vim/2006-December/001190.html -
References () http://s-a-p.ca/index.php?page=OurAdvisories&id=7 - URL Repurposed () http://s-a-p.ca/index.php?page=OurAdvisories&id=7 - URL Repurposed
References () http://secunia.com/advisories/22792 - Vendor Advisory () http://secunia.com/advisories/22792 - Vendor Advisory
References () http://securityreason.com/securityalert/1840 - () http://securityreason.com/securityalert/1840 -
References () http://www.attrition.org/pipermail/vim/2006-December/001170.html - () http://www.attrition.org/pipermail/vim/2006-December/001170.html -
References () http://www.osvdb.org/30249 - () http://www.osvdb.org/30249 -
References () http://www.osvdb.org/30250 - () http://www.osvdb.org/30250 -
References () http://www.securityfocus.com/archive/1/450946/100/0/threaded - () http://www.securityfocus.com/archive/1/450946/100/0/threaded -
References () http://www.securityfocus.com/bid/20970 - Exploit, Patch () http://www.securityfocus.com/bid/20970 - Exploit, Patch
References () http://www.vupen.com/english/advisories/2006/4418 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/4418 - Vendor Advisory
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/30135 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/30135 -

14 Feb 2024, 01:17

Type Values Removed Values Added
References () http://s-a-p.ca/index.php?page=OurAdvisories&id=7 - () http://s-a-p.ca/index.php?page=OurAdvisories&id=7 - URL Repurposed
Information

Published : 2006-11-10 02:07

Updated : 2024-11-21 00:20

NVD link : CVE-2006-5840

Mitre link : CVE-2006-5840

CVE.ORG link : CVE-2006-5840

JSON object : View

Products Affected

abarcar

  • abarcar_realty_portal
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')