Vulnerabilities > CVE-2006-0358 - Cross-Site Scripting vulnerability in Powerportal 1.1B/1.3/1.3B
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 3 |
Exploit-Db
description PowerPortal 1.1/1.3 search.php search Parameter XSS. CVE-2006-0358. Webapps exploit for php platform id EDB-ID:27103 last seen 2016-02-03 modified 2006-01-17 published 2006-01-17 reporter night_warrior771 source https://www.exploit-db.com/download/27103/ title PowerPortal 1.1/1.3 - search.php search Parameter XSS description PowerPortal 1.1/1.3 index.php search Parameter XSS. CVE-2006-0358. Webapps exploit for php platform id EDB-ID:27102 last seen 2016-02-03 modified 2006-01-17 published 2006-01-17 reporter night_warrior771 source https://www.exploit-db.com/download/27102/ title PowerPortal 1.1/1.3 index.php search Parameter XSS
References
- http://secunia.com/advisories/10172
- http://web.archive.org/web/20050303003128/http://powerportal.sourceforge.net/
- http://www.osvdb.org/27957
- http://www.osvdb.org/27958
- http://www.securityfocus.com/archive/1/422151/100/0/threaded
- http://www.securityfocus.com/bid/16279
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24196