Vulnerabilities > CVE-2006-5054 - SQL Injection vulnerability in Iyzi Forum Uye_Ayrinti.ASP

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
iyzi-forum
exploit available

Summary

SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the uye_nu parameter.

Vulnerable Configurations

Part Description Count
Application
Iyzi_Forum
1

Exploit-Db

descriptioniyzi Forum <= 1.0 Beta 3 (uye_ayrinti.asp) Remote SQL Injection. CVE-2006-5054. Webapps exploit for asp platform
fileexploits/asp/webapps/2423.txt
idEDB-ID:2423
last seen2016-01-31
modified2006-09-24
platformasp
port
published2006-09-24
reporterFix TR
sourcehttps://www.exploit-db.com/download/2423/
titleiyzi Forum <= 1.0 Beta 3 uye_ayrinti.asp Remote SQL Injection
typewebapps