CVE-2006-6132

Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://s-a-p.ca/index.php?page=OurAdvisories&id=53	Exploit Vendor Advisory URL Repurposed
http://www.securityfocus.com/bid/21239	Exploit
http://secunia.com/advisories/23068	Exploit Vendor Advisory
http://securityreason.com/securityalert/1920
http://www.vupen.com/english/advisories/2006/4656
https://exchange.xforce.ibmcloud.com/vulnerabilities/30460
http://www.securityfocus.com/archive/1/452256/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:softacid:link_exchange_lite:1.0:*:*:*:*:*:*:*

History

14 Feb 2024, 01:17

Type	Values Removed	Values Added
References	~~(MISC) http://s-a-p.ca/index.php?page=OurAdvisories&id=53 - Exploit, Vendor Advisory~~	(MISC) http://s-a-p.ca/index.php?page=OurAdvisories&id=53 - Exploit, Vendor Advisory, URL Repurposed

Information

Published : 2006-11-28 01:07

Updated : 2024-02-14 01:17

NVD link : CVE-2006-6132

Mitre link : CVE-2006-6132

JSON object : View

Products Affected

softacid

link_exchange_lite

CWE

NVD-CWE-Other

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://s-a-p.ca/index.php?page=OurAdvisories&id=53", "name": "http://s-a-p.ca/index.php?page=OurAdvisories&id=53", "tags": ["Exploit", "Vendor Advisory", "URL Repurposed"], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/21239", "name": "21239", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/23068", "name": "23068", "tags": ["Exploit", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securityreason.com/securityalert/1920", "name": "1920", "tags": [], "refsource": "SREASON"}, {"url": "http://www.vupen.com/english/advisories/2006/4656", "name": "ADV-2006-4656", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30460", "name": "linkexchangelite-linkslist-sql-injection(30460)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/452256/100/0/threaded", "name": "20061121 Link Exchange Lite [injection sql]", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-6132", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-11-28T01:07Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:softacid:link_exchange_lite:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-02-14T01:17Z"}