PT-2006-6768 · Unknown · Link Exchange Lite

Benjamin Moss

Publicado

2006-11-28

Atualizado

2024-02-14

CVE-2006-6132

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Link Exchange Lite (affected versions not specified)

Description The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via two methods:

the search engine field to the "/search.asp" API endpoint
the psearch parameter to the "/linkslist.asp" API endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-6132

Produtos afetados

Link Exchange Lite

PT-2006-6768 · Unknown · Link Exchange Lite

CVE-2006-6132

Identificadores relacionados

Produtos afetados

Referências · 8