PT-2006-6786 · Vspin.Net · Vspin.Net Classified System 2004

Benjamin Mosse

Publicado

2006-11-28

Atualizado

2024-02-14

CVE-2006-6152

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions vSpin.net Classified System 2004

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in two different ASP files:

The cat parameter to "cat.asp",
The keyword, order, sort, menuSelect, or state parameters to "search.asp".

Recommendations For vSpin.net Classified System 2004, consider restricting access to the "cat.asp" and "search.asp" files until a patch is available. As a temporary workaround, avoid using the cat, keyword, order, sort, menuSelect, and state parameters in the respective API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2006-6152

Produtos afetados

Vspin.Net Classified System 2004

PT-2006-6786 · Vspin.Net · Vspin.Net Classified System 2004

CVE-2006-6152

Identificadores relacionados

Produtos afetados

Referências · 10