CVE-2006-1541

SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://marc.info/?l=full-disclosure&m=114367573519326&w=2
http://secunia.com/advisories/19441
http://www.nukedx.com/?viewdoc=22	Exploit
http://www.osvdb.org/24256
http://www.securityfocus.com/archive/1/429487/100/0/threaded
http://www.securityfocus.com/bid/17309
http://www.vupen.com/english/advisories/2006/1164
https://exchange.xforce.ibmcloud.com/vulnerabilities/25544
https://www.exploit-db.com/exploits/1623

Configurations

Configuration 1 (hide)

cpe:2.3:a:ezaspsite:ezaspsite:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-03-30 11:02

Updated : 2024-02-28 10:42

NVD link : CVE-2006-1541

Mitre link : CVE-2006-1541

CVE.ORG link : CVE-2006-1541

JSON object : View

Products Affected

ezaspsite

ezaspsite

CWE

NVD-CWE-Other

{"id": "CVE-2006-1541", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-03-30T11:02:00.000", "references": [{"url": "http://marc.info/?l=full-disclosure&m=114367573519326&w=2", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/19441", "source": "cve@mitre.org"}, {"url": "http://www.nukedx.com/?viewdoc=22", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/24256", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/429487/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17309", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/1164", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25544", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/1623", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en Default.asp en EzASPSite 2.0 RC3 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios y obtener el hash SHA1 de la contrase\u00f1a de admin a trav\u00e9s del par\u00e1metro Scheme."}], "lastModified": "2018-10-18T16:33:20.797", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ezaspsite:ezaspsite:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A88D784-6700-49BD-B4AD-3887EAB385C8", "versionEndIncluding": "2.0_rc3"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}