Vulnerabilities > CVE-2006-4836 - Input Validation vulnerability in Codeworx Technologies Dcp-Portal Se6.0
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227. if magic_qoutes_gpc = off
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | DCP-Portal 6.0 login.php username Parameter SQL Injection. CVE-2006-4836 . Webapps exploit for php platform |
| id | EDB-ID:28573 |
| last seen | 2016-02-03 |
| modified | 2006-09-14 |
| published | 2006-09-14 |
| reporter | HACKERS PAL |
| source | https://www.exploit-db.com/download/28573/ |
| title | DCP-Portal 6.0 login.php username Parameter SQL Injection |