Published: 14/09/2011 Updated: 14/02/2012

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

VMScore: 655

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS 2.6.0 Members Edition and 2.7.0 Trial Edition allow remote authenticated users to execute arbitrary SQL commands via the (1) id parameter in a saved_search action and (2) item_types parameter in a show_item_search action in the search_management_manage subcontroller. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
oneorzero aims 2.7.0
oneorzero aims 2.6.0

[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::] >> General Information Advisory/Exploit Title = OneOrZero AIMS v260 Members Edition Multiple Vulnerabilities Author = Valentin Hoebel Contact = valentin@xenuserorg [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::] >&g ...

CWE-89 http://www.exploit-db.com/exploits/15519 http://www.xenuser.org/documents/security/OneOrZero_Aims_multiple_vulnerabilities.txt http://secunia.com/advisories/42251 http://packetstormsecurity.org/files/view/95814/oneorzeroaims-lfisql.txt http://securityreason.com/securityalert/8375 https://nvd.nist.gov https://www.exploit-db.com/exploits/15519/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2010-4834

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect