Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2006-6924

Published: 13/01/2007 Updated: 29/07/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 520
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Bitweaver

Vulnerability Summary

bitweaver 1.3.1 and previous versions allows remote malicious users to obtain sensitive information via a sort_mode=-98 query string to (1) blogs/list_blogs.php, (2) fisheye/index.php, (3) wiki/orphan_pages.php, or (4) wiki/list_pages.php, which forces a SQL error. NOTE: the fisheye/list_galleries.php vector is already covered by CVE-2005-4380.

Vulnerable Product Search on Vulmon Subscribe to Product

bitweaver bitweaver 1.2.1

bitweaver bitweaver 1.3

bitweaver bitweaver 1.3.1

bitweaver bitweaver 1.1

bitweaver bitweaver 1.1.1_beta

Exploits

Exploit DB: Bitweaver 1.x - '/blogs/list_blogs.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, ...
Exploit DB: Bitweaver 1.x - '/fisheye/index.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify d ...
Exploit DB: Bitweaver 1.x - '/wiki/list_pages.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modi ...
Exploit DB: Bitweaver 1.x - '/wiki/orphan_pages.php?sort_mode' SQL Injection
source: wwwsecurityfocuscom/bid/20996/info Bitweaver is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify ...

References

NVD-CWE-Otherhttp://archives.neohapsis.com/archives/bugtraq/2006-11/0142.htmlhttp://www.securityfocus.com/bid/20996http://secunia.com/advisories/22793http://securityreason.com/securityalert/2144http://www.vupen.com/english/advisories/2006/4485https://exchange.xforce.ibmcloud.com/vulnerabilities/30165https://nvd.nist.govhttps://www.exploit-db.com/exploits/28953/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook