Vulnerabilities > CVE-2006-6924 - Parameter Multiple Input Validation vulnerability in Retired: Bitweaver

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
bitweaver
exploit available
NVD
Published: 2007-01-13
Updated: 2017-07-29

Summary

bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380.

Vulnerable Configurations

Part Description Count
Application
Bitweaver
5

Exploit-Db

  • descriptionBitweaver 1.x wiki/orphan_pages.php sort_mode Parameter SQL Injection. CVE-2006-6924. Webapps exploit for php platform
    idEDB-ID:28964
    last seen2016-02-03
    modified2006-11-10
    published2006-11-10
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/28964/
    titleBitweaver 1.x wiki/orphan_pages.php sort_mode Parameter SQL Injection
  • descriptionBitweaver 1.x wiki/list_pages.php sort_mode Parameter SQL Injection. CVE-2006-6924. Webapps exploit for php platform
    idEDB-ID:28965
    last seen2016-02-03
    modified2006-11-10
    published2006-11-10
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/28965/
    titleBitweaver 1.x wiki/list_pages.php sort_mode Parameter SQL Injection
  • descriptionBitweaver 1.x blogs/list_blogs.php sort_mode Parameter SQL Injection. CVE-2006-6924 . Webapps exploit for php platform
    idEDB-ID:28953
    last seen2016-02-03
    modified2006-11-10
    published2006-11-10
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/28953/
    titleBitweaver 1.x blogs/list_blogs.php sort_mode Parameter SQL Injection
  • descriptionBitweaver 1.x fisheye/index.php sort_mode Parameter SQL Injection. CVE-2006-6924 . Webapps exploit for php platform
    idEDB-ID:28963
    last seen2016-02-03
    modified2006-11-10
    published2006-11-10
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/28963/
    titleBitweaver 1.x fisheye/index.php sort_mode Parameter SQL Injection

References