Vulnerabilities > CVE-2006-6090 - Unspecified vulnerability in Baalasp Smart Form Portal

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

baalasp

NVD

Published: 2006-11-24

Updated: 2024-02-14

Summary

Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (3) search parameter to search.asp.

Vulnerable Configurations

Part	Description	Count
Application	Baalasp Baalasp Smart Form Portal *	1

References

http://s-a-p.ca/index.php?page=OurAdvisories&id=35
http://www.securityfocus.com/bid/21111
http://secunia.com/advisories/22943
http://securityreason.com/securityalert/1913
http://www.vupen.com/english/advisories/2006/4579
https://exchange.xforce.ibmcloud.com/vulnerabilities/30343
https://exchange.xforce.ibmcloud.com/vulnerabilities/30342
http://www.securityfocus.com/archive/1/451846/100/100/threaded