Vulnerabilities > CVE-2006-4861 - SQL-Injection vulnerability in Mohammed Mehdi Panjwani Complain Center 1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mohammed-mehdi-panjwani

Summary

SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi Panjwani Complain Center 1 allows remote attackers to execute arbitrary SQL commands via the (1) TxtUser (aka Username) and (2) TxtPass (aka Password) parameters in login.asp.

Vulnerable Configurations

Part Description Count
Application
Mohammed_Mehdi_Panjwani
1