PT-2006-6611 · Funkyasp · Funkyasp Glossary
Benjamin Moss
+1
·
Published
2006-11-17
·
Updated
2024-02-14
·
CVE-2006-5946
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
FunkyASP Glossary version 1.0
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the
alpha parameter in the demo/glossary/glossary.asp file.Recommendations
For FunkyASP Glossary version 1.0, consider restricting access to the vulnerable
glossary.asp file until a patch is available. As a temporary workaround, avoid using the alpha parameter in the affected endpoint.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Funkyasp Glossary