Vulnerabilities > CVE-2006-6387 - Input Validation vulnerability in Link CMS

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
link-content-management-server
exploit available
NVD
Published: 2006-12-08
Updated: 2017-07-29

Summary

Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Configurations

Part Description Count
Application
Link_Content_Management_Server
1

Exploit-Db

  • descriptionLink CMS navigacija.php IDMeniGlavni Parameter SQL Injection. CVE-2006-6387 . Webapps exploit for php platform
    idEDB-ID:29232
    last seen2016-02-03
    modified2006-11-18
    published2006-11-18
    reporterIvan Markovic
    sourcehttps://www.exploit-db.com/download/29232/
    titleLink CMS navigacija.php IDMeniGlavni Parameter SQL Injection
  • descriptionLink CMS prikazInformacije.php IDStranicaPodaci Parameter SQL Injection. CVE-2006-6387. Webapps exploit for php platform
    idEDB-ID:29233
    last seen2016-02-03
    modified2006-11-18
    published2006-11-18
    reporterIvan Markovic
    sourcehttps://www.exploit-db.com/download/29233/
    titleLink CMS prikazInformacije.php IDStranicaPodaci Parameter SQL Injection

References