Vulnerabilities > CVE-2006-1571 - SQL Injection vulnerability in R2Xdesign Qlitenews 20050701
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. Successful exploitation requires "magic_quotes_gpc" to be disabled.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://evuln.com/vulns/114/summary.html
- http://secunia.com/advisories/19476
- http://securityreason.com/securityalert/701
- http://www.osvdb.org/24301
- http://www.securityfocus.com/archive/1/430873/100/0/threaded
- http://www.securityfocus.com/bid/17333
- http://www.vupen.com/english/advisories/2006/1182
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25565