CVE-2006-6349

CVSS V2 High 7.5 CVSS V3 None
Description
Multiple SQL injection vulnerabilities in PWP Technologies The Classified Ad System allow remote attackers to execute arbitrary SQL commands via (1) the main parameter in a view action (includes/mainpage/view.asp) in default.asp or (2) a query in the search engine.
Overview
  • CVE ID
  • CVE-2006-6349
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2006-12-07T01:28:00
  • Last Modified Date
  • 2018-10-17T21:47:51
Weakness Enumerations
CWE URL
CWE-89 http://cwe.mitre.org/data/definitions/89.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:pwp_technologies:the_classified_ad_system:*:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:P/I:P/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • PARTIAL
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • PARTIAL
  • Base Score
  • 7.5
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.4
References
Reference URL Reference Tags
http://secunia.com/advisories/23289 Vendor Advisory
http://www.securityfocus.com/bid/21758
http://www.securityfocus.com/bid/21198
http://securityreason.com/securityalert/1975
http://www.vupen.com/english/advisories/2006/5192 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/30443
https://www.exploit-db.com/exploits/3015
http://www.securityfocus.com/archive/1/452194/100/200/threaded
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2006-6349
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6349
History
Created Old Value New Value Data Type Notes
2022-05-10 18:10:42 Added to TrackCVE