Vulnerabilities > CVE-2006-0520 - SQL Injection vulnerability in Dragoran Portal Module 1.3

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
dragoran
nessus
exploit available

Summary

SQL injection vulnerability index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part Description Count
Application
Dragoran
1

Exploit-Db

descriptionInvision Power Board Dragoran Portal Mod <= 1.3 SQL Injection Exploit. CVE-2006-0520. Webapps exploit for php platform
idEDB-ID:1461
last seen2016-01-31
modified2006-01-31
published2006-01-31
reporterSkOd
sourcehttps://www.exploit-db.com/download/1461/
titleInvision Power Board Dragoran Portal Mod <= 1.3 - SQL Injection Exploit

Nessus

NASL familyCGI abuses
NASL idINVISION_POWER_BOARD_DRAGORAN_SITE_SQL_INJECTION.NASL
descriptionThe installation of Invision Power Board on the remote host contains an optional plugin module known as Dragoran Portal that fails to sanitize input to the
last seen2020-06-01
modified2020-06-02
plugin id20835
published2006-02-01
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/20835
titleInvision Power Board Dragoran Portal Module index.php site Parameter SQL Injection