Vulnerabilities > CVE-2006-1613 - Unspecified vulnerability in Aweb Labs Awebnews 1.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
aweb-labs
exploit available

Summary

Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php. Condition: magic_quotes_gpc = off

Vulnerable Configurations

Part Description Count
Application
Aweb_Labs
1

Exploit-Db

descriptionaWebNews 1.2 visview.php _GET['cid'] Parameter SQL Injection. CVE-2006-1613 . Webapps exploit for php platform
idEDB-ID:27560
last seen2016-02-03
modified2006-04-03
published2006-04-03
reporterAliaksandr Hartsuyeu
sourcehttps://www.exploit-db.com/download/27560/
titleaWebNews 1.2 - visview.php _GET'cid' Parameter SQL Injection