Vulnerabilities > CVE-2006-6927 - SQL Injection and Cross-Site Scripting vulnerability in Grandora Rialto 1.6

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
grandora
exploit available
NVD
Published: 2007-01-13
Updated: 2018-10-16

Summary

Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter to (d) listmain.asp, (e) searchoption.asp, or (f) searchmain.asp; the (5) Keyword parameter to (g) searchkey.asp; the (6) area parameter to searchmain.asp or searchoption.asp; the (7) searchin parameter to searchkey.asp; or the (8) cost1, (9) cost2, (10) acreage1, or (11) squarefeet1 parameters to searchoption.asp. NOTE: some of these details are obtained from third party information.

Vulnerable Configurations

Part Description Count
Application
Grandora
1

Exploit-Db

  • descriptionGrandora Rialto 1.6 /admin/default.asp Multiple Field SQL Injection. CVE-2006-6927. Webapps exploit for asp platform
    idEDB-ID:29107
    last seen2016-02-03
    modified2006-11-20
    published2006-11-20
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29107/
    titleGrandora Rialto 1.6 /admin/default.asp Multiple Field SQL Injection
  • descriptionGrandora Rialto 1.6 searchmain.asp Multiple Parameter SQL Injection. CVE-2006-6927. Webapps exploit for asp platform
    idEDB-ID:29112
    last seen2016-02-03
    modified2006-11-20
    published2006-11-20
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29112/
    titleGrandora Rialto 1.6 - searchmain.asp Multiple Parameter SQL Injection
  • descriptionGrandora Rialto 1.6 listmain.asp cat Parameter SQL Injection. CVE-2006-6927. Webapps exploit for asp platform
    idEDB-ID:29109
    last seen2016-02-03
    modified2006-11-20
    published2006-11-20
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29109/
    titleGrandora Rialto 1.6 listmain.asp cat Parameter SQL Injection
  • descriptionGrandora Rialto 1.6 searchkey.asp Multiple Parameter SQL Injection. CVE-2006-6927. Webapps exploit for asp platform
    idEDB-ID:29111
    last seen2016-02-03
    modified2006-11-20
    published2006-11-20
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29111/
    titleGrandora Rialto 1.6 - searchkey.asp Multiple Parameter SQL Injection
  • descriptionGrandora Rialto 1.6 listfull.asp ID Parameter SQL Injection. CVE-2006-6927. Webapps exploit for asp platform
    idEDB-ID:29108
    last seen2016-02-03
    modified2006-11-20
    published2006-11-20
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29108/
    titleGrandora Rialto 1.6 listfull.asp ID Parameter SQL Injection
  • descriptionGrandora Rialto 1.6 searchoption.asp Multiple Parameter SQL Injection. CVE-2006-6927. Webapps exploit for asp platform
    idEDB-ID:29113
    last seen2016-02-03
    modified2006-11-20
    published2006-11-20
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29113/
    titleGrandora Rialto 1.6 - searchoption.asp Multiple Parameter SQL Injection
  • descriptionGrandora Rialto 1.6 printmain.asp ID Parameter SQL Injection. CVE-2006-6927. Webapps exploit for asp platform
    idEDB-ID:29110
    last seen2016-02-03
    modified2006-11-20
    published2006-11-20
    reporterlaurent gaffie
    sourcehttps://www.exploit-db.com/download/29110/
    titleGrandora Rialto 1.6 printmain.asp ID Parameter SQL Injection

References