Vulnerabilities > CVE-2006-6709 - Input Validation vulnerability in MGInternet Property Site Manager

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
mginternet
exploit available
NVD
Published: 2006-12-23
Updated: 2017-07-29

Summary

Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part Description Count
Application
Mginternet
1

Exploit-Db

  • descriptionMGinternet Property Site Manager detail.asp p Parameter SQL Injection. CVE-2006-6709. Webapps exploit for asp platform
    idEDB-ID:29029
    last seen2016-02-03
    modified2006-11-14
    published2006-11-14
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29029/
    titleMGinternet Property Site Manager detail.asp p Parameter SQL Injection
  • descriptionMGinternet Property Site Manager admin_login.asp Multiple Field SQL Injection. CVE-2006-6709. Webapps exploit for asp platform
    idEDB-ID:29031
    last seen2016-02-03
    modified2006-11-14
    published2006-11-14
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29031/
    titleMGinternet Property Site Manager admin_login.asp Multiple Field SQL Injection
  • descriptionMGinternet Property Site Manager listings.asp Multiple Parameter SQL Injection. CVE-2006-6709. Webapps exploit for asp platform
    idEDB-ID:29030
    last seen2016-02-03
    modified2006-11-14
    published2006-11-14
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29030/
    titleMGinternet Property Site Manager listings.asp Multiple Parameter SQL Injection

References