CVE-2006-0608

Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to check.php or (2) unknown attack vectors to scripts that display information from the database.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.evuln.com/vulns/60/summary.html	Exploit Vendor Advisory
http://secunia.com/advisories/18793
http://www.securityfocus.com/bid/16586
http://www.osvdb.org/23025
http://www.osvdb.org/23028
https://exchange.xforce.ibmcloud.com/vulnerabilities/24515
https://exchange.xforce.ibmcloud.com/vulnerabilities/24508
http://www.securityfocus.com/archive/1/424827/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:hinton_design:phphd:1.0:*:*:*:*:*:*:*

Information

Published : 2006-02-08 23:02

Updated : 2018-10-19 15:45

NVD link : CVE-2006-0608

Mitre link : CVE-2006-0608

JSON object : View

Products Affected

hinton_design

phphd

CWE

NVD-CWE-Other

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.evuln.com/vulns/60/summary.html", "name": "http://www.evuln.com/vulns/60/summary.html", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/18793", "name": "18793", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/16586", "name": "16586", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/23025", "name": "23025", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.osvdb.org/23028", "name": "23028", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24515", "name": "phphd-multiple-sql-injection(24515)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24508", "name": "phphd-check-sql-injection(24508)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/424827/100/0/threaded", "name": "20060212 [eVuln] phphd Multiple Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the username parameter to check.php or (2) unknown attack vectors to scripts that display information from the database."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-0608", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2006-02-08T23:02Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hinton_design:phphd:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-19T15:45Z"}