Vulnerabilities > CVE-2006-1001 - SQL Injection vulnerability in Lansuite Board Module

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
lansuite
exploit available

Summary

SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter. This vulnerability affects Lansuite, LanParty Intranet System version 2.1 (Beta) & LanSuite, LanParty Intranet System versions 2.0.6 and previous.

Vulnerable Configurations

Part Description Count
Application
Lansuite
2

Exploit-Db

descriptionLansuite <= 2.1.0 Beta (fid) Remote SQL Injection Exploit. CVE-2006-1001. Webapps exploit for php platform
fileexploits/php/webapps/1526.php
idEDB-ID:1526
last seen2016-01-31
modified2006-02-24
platformphp
port
published2006-02-24
reporterx128
sourcehttps://www.exploit-db.com/download/1526/
titleLansuite <= 2.1.0 Beta fid Remote SQL Injection Exploit
typewebapps