Vulnerabilities > CVE-2006-6709 - Input Validation vulnerability in MGInternet Property Site Manager
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp. NOTE: some of these details are obtained from third party information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description MGinternet Property Site Manager detail.asp p Parameter SQL Injection. CVE-2006-6709. Webapps exploit for asp platform id EDB-ID:29029 last seen 2016-02-03 modified 2006-11-14 published 2006-11-14 reporter laurent gaffie source https://www.exploit-db.com/download/29029/ title MGinternet Property Site Manager detail.asp p Parameter SQL Injection description MGinternet Property Site Manager admin_login.asp Multiple Field SQL Injection. CVE-2006-6709. Webapps exploit for asp platform id EDB-ID:29031 last seen 2016-02-03 modified 2006-11-14 published 2006-11-14 reporter laurent gaffie source https://www.exploit-db.com/download/29031/ title MGinternet Property Site Manager admin_login.asp Multiple Field SQL Injection description MGinternet Property Site Manager listings.asp Multiple Parameter SQL Injection. CVE-2006-6709. Webapps exploit for asp platform id EDB-ID:29030 last seen 2016-02-03 modified 2006-11-14 published 2006-11-14 reporter laurent gaffie source https://www.exploit-db.com/download/29030/ title MGinternet Property Site Manager listings.asp Multiple Parameter SQL Injection