Vulnerabilities > CVE-2006-2794 - Remote Security vulnerability in Aspsitem 1.83

047910
CVSS 7.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
NONE
Availability impact
NONE
network
low complexity
aspsitem
exploit available
NVD
Published: 2006-06-03
Updated: 2018-10-18

Summary

Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter.

Vulnerable Configurations

Part Description Count
Application
Aspsitem
2

Exploit-Db

descriptionASPSitem <= 2.0 Remote (SQL Injection / DB Disclosure) Vulnerabilities. CVE-2006-2793,CVE-2006-2794. Webapps exploit for asp platform
idEDB-ID:1845
last seen2016-01-31
modified2006-05-28
published2006-05-28
reporternukedx
sourcehttps://www.exploit-db.com/download/1845/
titleASPSitem <= 2.0 - Remote SQL Injection / DB Disclosure Vulnerabilities

References