Vulnerabilities > CVE-2006-1613 - Unspecified vulnerability in Aweb Labs Awebnews 1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php. Condition: magic_quotes_gpc = off
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | aWebNews 1.2 visview.php _GET['cid'] Parameter SQL Injection. CVE-2006-1613 . Webapps exploit for php platform |
id | EDB-ID:27560 |
last seen | 2016-02-03 |
modified | 2006-04-03 |
published | 2006-04-03 |
reporter | Aliaksandr Hartsuyeu |
source | https://www.exploit-db.com/download/27560/ |
title | aWebNews 1.2 - visview.php _GET'cid' Parameter SQL Injection |
References
- http://evuln.com/vulns/116/summary.html
- http://secunia.com/advisories/19487
- http://www.osvdb.org/24334
- http://www.osvdb.org/24335
- http://www.osvdb.org/24336
- http://www.securityfocus.com/archive/1/431007/100/0/threaded
- http://www.vupen.com/english/advisories/2006/1196
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25590