CVE Reference: CVE-2006-1278
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-1278

Description:
SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. NOTE: it was later reported that vectors 12 and 13 also affect @1 File Store PRO 3.2.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/25183
  http://xforce.iss.net/xforce/xfdb/43724
  http://xforce.iss.net/xforce/xfdb/43718

VIM
  http://www.attrition.org/pipermail/vim/2009-August/002246.html

ST
  1015826

SREASON
  http://securityreason.com/securityalert/619

SAID
  Secunia Advisory: SA19224
  Secunia Advisory: SA31063

OSVDB
  24106
  23863
  23862
  23861
  23860
  23859
  23858
  23857
  23856
  23855
  23854
  23853
  23852
  23851
  47018
  47017
  23864

MISC
  http://evuln.com/vulns/95/summary.html

MILW0RM
  http://www.milw0rm.com/exploits/6040

BUGTRAQ
  http://www.securityfocus.com/archive/1/archive/1/428659/100/0/threaded

BID
  30182
  17090

