Vulnerabilities > CVE-2006-2050 - Input Validation vulnerability in Dcscripts Dcforumlite 3.0

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

dcscripts

NVD

Published: 2006-04-26

Updated: 2018-10-18

Summary

SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter.

Vulnerable Configurations

Part	Description	Count
Application	Dcscripts Dcscripts Dcforumlite 3.0	1

Statements

contributor	Joshua Bressers
lastmodified	2008-05-08
organization	Red Hat
statement	Red Hat does not consider this to be a security issue. The FastCGI server is local trusted code and not under the control of an attacker, no trust boundary is crossed. For more information please see: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2050

References

http://securityreason.com/securityalert/792
http://www.osvdb.org/24989
http://www.securityfocus.com/archive/1/432010/100/0/threaded
http://www.securityfocus.com/bid/17697
https://exchange.xforce.ibmcloud.com/vulnerabilities/26084