PT-2007-1207 · Rialto · Rialto

Benjamin Moss +1 · Published 2007-01-13 · Updated 2018-10-16 · CVE-2006-6927

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Rialto version 1.6
Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various parameters in different API endpoints, including:
  • the uname (username) and pword (passwd) fields in "admin/default.asp";
  • the ID parameter to "listfull.asp" or "printmain.asp";
  • the cat parameter to "listmain.asp", "searchoption.asp", or "searchmain.asp";
  • the Keyword parameter to "searchkey.asp";
  • the area parameter to "searchmain.asp" or "searchoption.asp";
  • the searchin parameter to "searchkey.asp";
  • the cost1, cost2, acreage1, or squarefeet1 parameters to "searchoption.asp".
Recommendations: For Rialto version 1.6, consider disabling the SQL execution functionality until a patch is available. Restrict access to the mentioned API endpoints to minimize the risk of exploitation. Avoid using the specified parameters in the affected endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
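
To support restricting access to the listed endpoints, the following added example (not part of the original advisory or of Rialto) triages web access logs for requests that touch the affected endpoint/parameter pairs. The log line format, the "/rialto/" path prefix, and the SAFE character allowlist are assumptions; fields submitted in a POST body, as uname and pword may be, do not appear in query strings and are not covered.

```python
import string
from urllib.parse import urlsplit, parse_qsl

# Endpoint -> parameters named in the advisory (compared case-insensitively).
AFFECTED = {
    "admin/default.asp": {"uname", "pword"},
    "listfull.asp": {"id"},
    "printmain.asp": {"id"},
    "listmain.asp": {"cat"},
    "searchkey.asp": {"keyword", "searchin"},
    "searchmain.asp": {"cat", "area"},
    "searchoption.asp": {"cat", "area", "cost1", "cost2", "acreage1", "squarefeet1"},
}

# Assumption: legitimate values hold only letters, digits, space, '.', '-', '_'.
SAFE = set(string.ascii_letters + string.digits + " .-_")

def affected_params(url):
    """Return [(endpoint, param, value)] for advisory parameters present in url."""
    parts = urlsplit(url)
    path = parts.path.lower().lstrip("/")
    hits = []
    for endpoint, names in AFFECTED.items():
        if path == endpoint or path.endswith("/" + endpoint):
            for key, value in parse_qsl(parts.query, keep_blank_values=True):
                if key.lower() in names:
                    hits.append((endpoint, key, value))
    return hits

def triage(log_lines):
    """Bucket requests: 'exposed' touches an affected parameter, 'suspicious' also fails SAFE."""
    report = {"exposed": [], "suspicious": []}
    for line in log_lines:
        client, _method, url = line.split(maxsplit=2)
        for endpoint, key, value in affected_params(url):
            bucket = "suspicious" if set(value) - SAFE else "exposed"
            report[bucket].append((client, endpoint, key))
    return report

# Constructed sample lines in the assumed form "<client> <method> <url>".
SAMPLE = [
    "192.0.2.10 GET /rialto/listfull.asp?ID=42",
    "192.0.2.11 GET /rialto/searchkey.asp?Keyword=lake+house&searchin=1",
    "198.51.100.7 GET /rialto/printmain.asp?ID=42%27",
    "192.0.2.10 GET /rialto/about.asp?ID=1",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The "exposed" bucket shows which clients legitimately depend on the affected pages, which helps scope an access restriction before applying it.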

Exploit

Related Identifiers

CVE-2006-6927

Affected Products

Rialto