Vulnerabilities > CVE-2006-1000 - SQL Injection vulnerability in G2Soft Pentacle In-Out Board 6.03
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Pentacle In-Out Board <= 6.03 (newsdetailsview) Remote SQL Injection. CVE-2006-1000. Webapps exploit for asp platform |
id | EDB-ID:1528 |
last seen | 2016-01-31 |
modified | 2006-02-25 |
published | 2006-02-25 |
reporter | nukedx |
source | https://www.exploit-db.com/download/1528/ |
title | Pentacle In-Out Board <= 6.03 newsdetailsview Remote SQL Injection |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042524.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042525.html
- http://secunia.com/advisories/19024
- http://securitytracker.com/id?1015682
- http://www.nukedx.com/?viewdoc=13
- http://www.nukedx.com/?viewdoc=14
- http://www.securityfocus.com/archive/1/426074/100/0/threaded
- http://www.securityfocus.com/archive/1/426075/100/0/threaded
- http://www.securityfocus.com/bid/16818
- http://www.vupen.com/english/advisories/2006/0749