Vulnerabilities > CVE-2006-2135 - SQL Injection vulnerability in Ruperts News Script Login.PHP

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
ruperts-news

Summary

SQL injection vulnerability in login.php in Ruperts News allows remote attackers to execute arbitrary SQL commands via the username parameter. Successful exploitation requires that magic_quotes_gpc is set to off.

Vulnerable Configurations

Part Description Count
Application
Ruperts_News
1