PT-2006-6369 · Enm · Easy Notesmanager

Poplix

Published

2006-11-03

Updated

2018-10-17

CVE-2006-5662

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: easy notesManager (eNM) version 0.0.1

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two methods: (1) the username parameter in the "login.php" endpoint, and (2) by performing a search on the "search page."

Recommendations: For easy notesManager (eNM) version 0.0.1, consider restricting access to the login.php endpoint and limiting the functionality of the search feature on the "search page" to minimize the risk of exploitation. Avoid using the username parameter in the login endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-5662

Affected Products

Easy Notesmanager

PT-2006-6369 · Enm · Easy Notesmanager

CVE-2006-5662

Related Identifiers

Affected Products

References · 8