Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2006-2731

Published: 01/06/2006 Updated: 18/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp.

Vulnerable Product Search on Vulmon Subscribe to Product

enigma haber enigma haber

enigma haber enigma haber 4.2

Exploits

Exploit DB: Enigma Haber 4.3 - Multiple SQL Injections
Enigma Haber <= 43 Multiple Remote SQL Injection Vulnerabilities Contacts > ICQ: 10072 MSN/Mail: nukedx@nukedxcom web: wwwnukedxcom This exploits works on Enigma Haber <= 43 Original advisory can be found at: wwwnukedxcom/?viewdoc=34 [site]/enigmadir/e_mesaj_yazasp?id=1879586820+UNION+SELECT+0,sifre,2,3,4,5,6,7,8,9,10 ...

References

NVD-CWE-Otherhttp://www.nukedx.com/?getxpl=34http://www.nukedx.com/?viewdoc=34http://www.securityfocus.com/bid/18148http://securitytracker.com/id?1016171http://secunia.com/advisories/20357http://securityreason.com/securityalert/1003http://www.vupen.com/english/advisories/2006/2032http://www.osvdb.org/26109http://www.osvdb.org/26108http://www.osvdb.org/26106http://www.osvdb.org/26107http://www.osvdb.org/26110http://www.osvdb.org/26111http://www.osvdb.org/26115http://www.osvdb.org/26114http://www.osvdb.org/26113http://www.osvdb.org/26112http://www.osvdb.org/26116http://www.osvdb.org/26118http://www.osvdb.org/26117http://www.osvdb.org/26119https://exchange.xforce.ibmcloud.com/vulnerabilities/26837http://www.securityfocus.com/archive/1/435282/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/1840/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectCVE-2024-34001CVE-2024-37018LFICVE-2024-1275CVE-2024-1086CSRFCVE-2024-31030CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook