CVE-2006-2255 - SQL Injection vulnerability in Creative Software Community Portal 1.1
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |

Summary
Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Exploit-Db
- EDB-ID:27836
  - title: Creative Software UK Community Portal 1.1 DiscReply.php mid Parameter SQL Injection
  - description: Creative Software UK Community Portal 1.1 DiscReply.php mid Parameter SQL Injection. CVE-2006-2255. Webapps exploit for php platform
  - published: 2006-05-08
  - modified: 2006-05-08
  - last seen: 2016-02-03
  - reporter: r0t
  - source: https://www.exploit-db.com/download/27836/
- EDB-ID:27832
  - title: Creative Software UK Community Portal 1.1 DiscView.php forum_id Parameter SQL Injection
  - description: Creative Software UK Community Portal 1.1 DiscView.php forum_id Parameter SQL Injection. CVE-2006-2255. Webapps exploit for php platform
  - published: 2006-05-08
  - modified: 2006-05-08
  - last seen: 2016-02-03
  - reporter: r0t
  - source: https://www.exploit-db.com/download/27832/
- EDB-ID:27835
  - title: Creative Software UK Community Portal 1.1 PollResults.php Multiple Parameter SQL Injection
  - description: Creative Software UK Community Portal 1.1 PollResults.php Multiple Parameter SQL Injection. CVE-2006-2255. Webapps exploit for php platform
  - published: 2006-05-08
  - modified: 2006-05-08
  - last seen: 2016-02-03
  - reporter: r0t
  - source: https://www.exploit-db.com/download/27835/
- EDB-ID:27834
  - title: Creative Software UK Community Portal 1.1 EventView.php event_id Parameter SQL Injection
  - description: Creative Software UK Community Portal 1.1 EventView.php event_id Parameter SQL Injection. CVE-2006-2255. Webapps exploit for php platform
  - published: 2006-05-08
  - modified: 2006-05-08
  - last seen: 2016-02-03
  - reporter: r0t
  - source: https://www.exploit-db.com/download/27834/
- EDB-ID:27833
  - title: Creative Software UK Community Portal 1.1 Discussions.php forum_id Parameter SQL Injection
  - description: Creative Software UK Community Portal 1.1 Discussions.php forum_id Parameter SQL Injection. CVE-2006-2255. Webapps exploit for php platform
  - published: 2006-05-08
  - modified: 2006-05-08
  - last seen: 2016-02-03
  - reporter: r0t
  - source: https://www.exploit-db.com/download/27833/
- EDB-ID:27831
  - title: Creative Software UK Community Portal 1.1 ArticleView.php article_id Parameter SQL Injection
  - description: Creative Software UK Community Portal 1.1 ArticleView.php article_id Parameter SQL Injection. CVE-2006-2255. Webapps exploit for php platform
  - published: 2006-05-08
  - modified: 2006-05-08
  - last seen: 2016-02-03
  - reporter: r0t
  - source: https://www.exploit-db.com/download/27831/
References
- http://pridels0.blogspot.com/2006/05/creative-community-portal-vuln.html
- http://secunia.com/advisories/19999
- http://www.osvdb.org/25307
- http://www.osvdb.org/25308
- http://www.osvdb.org/25309
- http://www.osvdb.org/25310
- http://www.osvdb.org/25311
- http://www.osvdb.org/25312
- http://www.securityfocus.com/bid/17890
- http://www.vupen.com/english/advisories/2006/1688
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26313