CVE-2006-0624 - SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attacker

CVE-2006-0624

Summary

SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

References

http://secunia.com/advisories/18780
http://securityreason.com/securityalert/418
http://www.osvdb.org/22969
http://www.securityfocus.com/archive/1/424389/100/0/threaded
http://www.securityfocus.com/bid/16544
http://www.vupen.com/english/advisories/2006/0489
https://exchange.xforce.ibmcloud.com/vulnerabilities/24592

Vulnerable Configurations

cpe:2.3:a:webeveyn:whomp_real_estate_manager_xp_2005:*:*:*:*:*:*:*:*
cpe:2.3:a:webeveyn:whomp_real_estate_manager_xp_2005:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 19-10-2018 - 15:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	16544
bugtraq	20060208 Whomp Real Estate Manager XP 2005 Sql Injection
osvdb	22969
secunia	18780
sreason	418
vupen	ADV-2006-0489
xf	whomp-login-sql-injection(24592)

Last major update

19-10-2018 - 15:45

Published

09-02-2006 - 02:02

Last modified

19-10-2018 - 15:45