Vulnerabilities > CVE-2006-6925 - Input Validation vulnerability in Bitweaver
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the message title field when submitting an article to articles/edit.php, (2) the message title field when submitting a blog post to blogs/post.php, or (3) the message description field when editing in the Sandbox in wiki/edit.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Exploit-Db
| description | Bitweaver 1.x fisheye/list_galleries.php sort_mode Parameter SQL Injection. CVE-2006-6925. Webapps exploit for php platform |
| id | EDB-ID:28954 |
| last seen | 2016-02-03 |
| modified | 2006-11-10 |
| published | 2006-11-10 |
| reporter | laurent gaffie |
| source | https://www.exploit-db.com/download/28954/ |
| title | Bitweaver 1.x fisheye/list_galleries.php sort_mode Parameter SQL Injection |
References
- http://archives.neohapsis.com/archives/bugtraq/2006-11/0142.html
- http://secunia.com/advisories/22793
- http://securityreason.com/securityalert/2144
- http://www.securityfocus.com/bid/20988
- http://www.securityfocus.com/bid/20996
- http://www.vupen.com/english/advisories/2006/4485
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30167