Vegas Forum SQL Injection Vulnerability

CVE: CVE-2006-1020
Category: CWE-89
Price: Unknown
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2006-03-23
CPE: cpe:cpe:/a:vegas_forum:software
CVSS: CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.05679
EPSSP: 0.73951


Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006030066

Below is a copy:

New eVuln Advisory:
Vegas Forum SQL Injection Vulnerability
http://evuln.com/vulns/90/summary.html

--------------------Summary----------------
eVuln ID: EV0090
CVE: CVE-2006-1020
Software: Vegas Forum
Software's Web Site: http://www.battlereports.com/downloads.php
Versions: 1.0
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched. No reply from developer(s)
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Vulnerable script: forumlib.php

Variable $postid isn't properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.

--------------PoC/Exploit----------------------
Available at: http://evuln.com/vulns/90/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
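
Because the advisory lists no patch, a site operator has to harden the query path on their own. The following is an added example, not code from Vegas Forum or from the advisory: it shows the general pattern of an ID interpolated into SQL next to a validated, parameterized form. The table layout, the function names and the sample input are assumptions made for illustration.

```php
<?php
// Added example: table, columns and function names are hypothetical,
// not taken from Vegas Forum's forumlib.php.

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
$db->exec("INSERT INTO posts (author, body) VALUES ('alice', 'first'), ('bob', 'second')");

// Pattern the advisory describes: $postid becomes part of the query text.
function get_post_unsafe(PDO $db, $postid): array
{
    $sql = "SELECT id, author, body FROM posts WHERE id = $postid";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: accept only a positive integer, then bind it as a typed
// parameter so the value can never be parsed as SQL.
function get_post_safe(PDO $db, $postid): array
{
    $id = filter_var($postid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('postid must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, author, body FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$tainted = '1 OR 1=1'; // constructed input that changes the query's meaning

echo count(get_post_unsafe($db, $tainted)), " rows from unsafe query\n";
echo count(get_post_safe($db, '1')), " row from safe query\n";
try {
    get_post_safe($db, $tainted);
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), "\n";
}
```

Validation and binding are both kept on purpose: the integer check rejects malformed requests early, and the bound parameter protects the query even if a later change loosens the check.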
