CVE-2006-1001

SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/19048	Vendor Advisory
http://www.osvdb.org/23533
http://www.securityfocus.com/bid/16836	Exploit Vendor Advisory
http://www.vupen.com/english/advisories/2006/0747
https://exchange.xforce.ibmcloud.com/vulnerabilities/24940
https://www.exploit-db.com/exploits/1526
http://secunia.com/advisories/19048	Vendor Advisory
http://www.osvdb.org/23533
http://www.securityfocus.com/bid/16836	Exploit Vendor Advisory
http://www.vupen.com/english/advisories/2006/0747
https://exchange.xforce.ibmcloud.com/vulnerabilities/24940
https://www.exploit-db.com/exploits/1526

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:lansuite:lanparty_intranet_system:2.0.6:::::::*
	cpe:2.3:a:lansuite:lanparty_intranet_system:2.1:::::::*

History

21 Nov 2024, 00:07

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/19048 - Vendor Advisory~~	() http://secunia.com/advisories/19048 - Vendor Advisory
References	~~() http://www.osvdb.org/23533 -~~	() http://www.osvdb.org/23533 -
References	~~() http://www.securityfocus.com/bid/16836 - Exploit, Vendor Advisory~~	() http://www.securityfocus.com/bid/16836 - Exploit, Vendor Advisory
References	~~() http://www.vupen.com/english/advisories/2006/0747 -~~	() http://www.vupen.com/english/advisories/2006/0747 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/24940 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/24940 -
References	~~() https://www.exploit-db.com/exploits/1526 -~~	() https://www.exploit-db.com/exploits/1526 -

Information

Published : 2006-03-06 20:06

Updated : 2024-11-21 00:07

NVD link : CVE-2006-1001

Mitre link : CVE-2006-1001

CVE.ORG link : CVE-2006-1001

JSON object : View

Products Affected

lansuite

lanparty_intranet_system

CWE

NVD-CWE-Other

{"id": "CVE-2006-1001", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-03-06T20:06:00.000", "references": [{"url": "http://secunia.com/advisories/19048", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/23533", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/16836", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0747", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24940", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/1526", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19048", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/23533", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/16836", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2006/0747", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24940", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/1526", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter."}], "lastModified": "2024-11-21T00:07:49.940", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:lansuite:lanparty_intranet_system:2.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B852C044-CC72-474E-BA91-0EED867455C0"}, {"criteria": "cpe:2.3:a:lansuite:lanparty_intranet_system:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C0FE184-F4CA-4403-AE56-27E7328B6C61"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org", "evaluatorSolution": "This vulnerability affects Lansuite, LanParty Intranet System version 2.1 (Beta) & LanSuite, LanParty Intranet System versions 2.0.6 and previous."}