CVE-2006-2179 - Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL

CVE-2006-2179

Summary

Multiple SQL injection vulnerabilities in CyberBuild allow remote attackers to execute arbitrary SQL commands via the (1) SessionID parameter to login.asp or (2) ProductIndex parameter to browse0.htm.

References

http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.html
http://secunia.com/advisories/19889
http://www.osvdb.org/25195
http://www.osvdb.org/25196
http://www.securityfocus.com/bid/17829
http://www.vupen.com/english/advisories/2006/1630
https://exchange.xforce.ibmcloud.com/vulnerabilities/26201

Vulnerable Configurations

cpe:2.3:a:smartwin_technology:cyberoffice_warehouse_builder:*:*:*:*:*:*:*:*
cpe:2.3:a:smartwin_technology:cyberoffice_warehouse_builder:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	17829
misc	http://pridels0.blogspot.com/2006/05/cyberbuild-vuln.html
osvdb	25195 25196
secunia	19889
vupen	ADV-2006-1630
xf	cyberbuild-multiple-sql-injection(26201)

Last major update

20-07-2017 - 01:31

Published

04-05-2006 - 12:38

Last modified

20-07-2017 - 01:31