Vulnerabilities > CVE-2006-6911 - SQL-Injection vulnerability in Digitizing Quote and Ordering System Digitizing Quote and Ordering System 1.0

047910
CVSS 6.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
digitizing-quote-and-ordering-system
exploit available
NVD
Published: 2006-12-31
Updated: 2017-10-19

Summary

SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter.

Vulnerable Configurations

Part Description Count
Application
Digitizing_Quote_And_Ordering_System
1

Exploit-Db

descriptionQUOTE&ORDERING SYSTEM 1.0 (ordernum) Multiple Vulnerabilities. CVE-2006-6911,CVE-2007-0144. Webapps exploit for asp platform
fileexploits/asp/webapps/3089.txt
idEDB-ID:3089
last seen2016-01-31
modified2007-01-05
platformasp
port
published2007-01-05
reporterajann
sourcehttps://www.exploit-db.com/download/3089/
titleQUOTE&ORDERING; SYSTEM 1.0 ordernum Multiple Vulnerabilities
typewebapps

References