CVE-2006-3111 - Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to exec

CVE-2006-3111

Summary

Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr.

References

http://marc.info/?l=bugtraq&m=115024576618386&w=2
http://secunia.com/advisories/20643
http://securitytracker.com/id?1016315
http://www.securityfocus.com/bid/18463
http://www.vupen.com/english/advisories/2006/2359
https://exchange.xforce.ibmcloud.com/vulnerabilities/27158

Vulnerable Configurations

cpe:2.3:a:chipmailer:chipmailer:1.09:*:*:*:*:*:*:*
cpe:2.3:a:chipmailer:chipmailer:1.09:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	18463
bugtraq	20060613 Chipmailer <= 1.09 Multiple Vulnerabilities
sectrack	1016315
secunia	20643
vupen	ADV-2006-2359
xf	chipmailer-main-index-sql-injection(27158)

Last major update

20-07-2017 - 01:32

Published

21-06-2006 - 01:02

Last modified

20-07-2017 - 01:32