CVE-2006-1353

Name of the Vulnerable Software and Affected Versions ASPPortal versions 3.1.1 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in different ASP files, including the downloadid parameter in "download click.asp", the content ID parameter in "news/News Item.asp". Authenticated administrators can also conduct attacks through various parameters, such as the user id parameter to "users/add edit user.asp", the bannerid parameter to "banner adds/banner add edit.asp", the cat id parameter to "categories/add edit cat.asp", the Content ID parameter to "News/add edit news.asp", the download id parameter to "downloads/add edit download.asp", the Poll ID parameter to "poll/add edit poll.asp", the contactid parameter to "contactus/contactus add edit.asp", and the sortby parameter to "poll/poll list.asp". Additionally, unspecified inputs to "downloads/add edit download.asp" are also vulnerable.

Recommendations For ASPPortal versions 3.1.1 and earlier, consider disabling the SQL execution functionality in the affected ASP files until a patch is available. Restrict access to the vulnerable parameters, such as downloadid, content ID, user id, bannerid, cat id, Content ID, download id, Poll ID, contactid, and sortby, to minimize the risk of exploitation. Avoid using unspecified inputs to "downloads/add edit download.asp" until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.