Vulnerabilities > CVE-2006-2499 - Unspecified vulnerability in Xfairguy Codeavalanche News 1.2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN xfairguy
exploit available
Summary
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | CodeAvalanche News 1.2 Default.ASP SQL Injection Vulnerability. CVE-2006-2499. Webapps exploit for asp platform |
| id | EDB-ID:27898 |
| last seen | 2016-02-03 |
| modified | 2006-05-19 |
| published | 2006-05-19 |
| reporter | omnipresent |
| source | https://www.exploit-db.com/download/27898/ |
| title | CodeAvalanche News 1.2 Default.ASP SQL Injection Vulnerability |
References
- http://colander.altervista.org/advisory/CANews.txt
- http://colander.altervista.org/advisory/CANews.txt
- http://secunia.com/advisories/20171
- http://secunia.com/advisories/20171
- http://www.osvdb.org/25652
- http://www.osvdb.org/25652
- http://www.securityfocus.com/archive/1/434730/100/0/threaded
- http://www.securityfocus.com/archive/1/434730/100/0/threaded
- http://www.securityfocus.com/bid/18031
- http://www.securityfocus.com/bid/18031
- http://www.vupen.com/english/advisories/2006/1870
- http://www.vupen.com/english/advisories/2006/1870
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26586
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26586