Vulnerabilities > CVE-2006-2032 - Input Validation vulnerability in CoreNews
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
NONE Summary
Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | CoreNews <= 2.0.1 (userid) Remote SQL Injection Exploit. CVE-2006-2032. Webapps exploit for php platform |
| id | EDB-ID:1704 |
| last seen | 2016-01-31 |
| modified | 2006-04-21 |
| published | 2006-04-21 |
| reporter | nukedx |
| source | https://www.exploit-db.com/download/1704/ |
| title | CoreNews <= 2.0.1 userid Remote SQL Injection Exploit |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045372.html
- http://securityreason.com/securityalert/797
- http://www.nukedx.com/?getxpl=24
- http://www.securityfocus.com/archive/1/431761/100/0/threaded
- http://www.securityfocus.com/bid/17655
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25977