CVE-2006-6132 - Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbit

CVE-2006-6132

Summary

Multiple SQL injection vulnerabilities in Link Exchange Lite allow remote attackers to execute arbitrary SQL commands via (1) the search engine field to search.asp and (2) psearch parameter to linkslist.asp.

References

http://s-a-p.ca/index.php?page=OurAdvisories&id=53
http://www.securityfocus.com/bid/21239
http://secunia.com/advisories/23068
http://securityreason.com/securityalert/1920
http://www.vupen.com/english/advisories/2006/4656
https://exchange.xforce.ibmcloud.com/vulnerabilities/30460
http://www.securityfocus.com/archive/1/452256/100/0/threaded

Vulnerable Configurations

cpe:2.3:a:softacid:link_exchange_lite:1.0:*:*:*:*:*:*:*
cpe:2.3:a:softacid:link_exchange_lite:1.0:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	21239
bugtraq	20061121 Link Exchange Lite [injection sql]
misc	http://s-a-p.ca/index.php?page=OurAdvisories&id=53
secunia	23068
sreason	1920
vupen	ADV-2006-4656
xf	linkexchangelite-linkslist-sql-injection(30460)

Last major update

14-02-2024 - 01:17

Published

28-11-2006 - 01:07

Last modified

14-02-2024 - 01:17