CVE-2006-6924 - Parameter Multiple Input Validation vulnerability in Retired: Bitweaver
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
Summary
bitweaver 1.3.1 and earlier allows remote attackers to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 5 |
Exploit-Db
title: Bitweaver 1.x wiki/orphan_pages.php sort_mode Parameter SQL Injection
description: Bitweaver 1.x wiki/orphan_pages.php sort_mode Parameter SQL Injection. CVE-2006-6924. Webapps exploit for php platform
id: EDB-ID:28964
last seen: 2016-02-03
modified: 2006-11-10
published: 2006-11-10
reporter: laurent gaffie
source: https://www.exploit-db.com/download/28964/

title: Bitweaver 1.x wiki/list_pages.php sort_mode Parameter SQL Injection
description: Bitweaver 1.x wiki/list_pages.php sort_mode Parameter SQL Injection. CVE-2006-6924. Webapps exploit for php platform
id: EDB-ID:28965
last seen: 2016-02-03
modified: 2006-11-10
published: 2006-11-10
reporter: laurent gaffie
source: https://www.exploit-db.com/download/28965/

title: Bitweaver 1.x blogs/list_blogs.php sort_mode Parameter SQL Injection
description: Bitweaver 1.x blogs/list_blogs.php sort_mode Parameter SQL Injection. CVE-2006-6924. Webapps exploit for php platform
id: EDB-ID:28953
last seen: 2016-02-03
modified: 2006-11-10
published: 2006-11-10
reporter: laurent gaffie
source: https://www.exploit-db.com/download/28953/

title: Bitweaver 1.x fisheye/index.php sort_mode Parameter SQL Injection
description: Bitweaver 1.x fisheye/index.php sort_mode Parameter SQL Injection. CVE-2006-6924. Webapps exploit for php platform
id: EDB-ID:28963
last seen: 2016-02-03
modified: 2006-11-10
published: 2006-11-10
reporter: laurent gaffie
source: https://www.exploit-db.com/download/28963/