Vulnerabilities > CVE-2006-4212 - Multiple vulnerability in B0Zz and Chris Vincent OWL Intranet Engine 0.90
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | CGI abuses |
| NASL id | OWL_091.NASL |
| description | The remote host is running Owl Intranet Engine, a web-based document management system written in PHP. The version of Owl Intranet Engine on the remote host fails to sanitize input to the session id cookie before using it in a database query. Provided PHP |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 22232 |
| published | 2006-08-17 |
| reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/22232 |
| title | Owl Intranet Engine <= 0.91 Multiple Vulnerabilities |
References
- http://jvn.jp/jp/JVN%2339103264/index.html
- http://secunia.com/advisories/21519
- http://sourceforge.net/tracker/index.php?func=detail&aid=1540643&group_id=9444&atid=309444
- http://www.securityfocus.com/bid/19552
- http://www.vupen.com/english/advisories/2006/3285
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28404