CVE-2006-7115

Current Description

SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote attackers to inject arbitrary SQL commands via the catid parameter to include.php when the path parameter is set to faq/faq.php, and other unspecified vectors involving guestbook/print.php.

Basic Data

Published: March 06, 2007
Last Modified: October 16, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version: 2.3
    Part: Application
    Vendor: Phpkit
    Product: Phpkit
    Version: 1.6.1
    Update: rc2
    Edition: *
    Language: *
    SW Edition: *
    Target SW: *
    Target HW: *
    Other: *
    Version Start Including:
    Version End Including:
    Version Start Excluding:
    Version End Excluding:

Vulnerable Software List

Vendor: Phpkit
Product: Phpkit
Versions: 1.6.1

References

  • Name: 17479
    Source: SECUNIA
    URL: http://secunia.com/advisories/17479
    Tags: Vendor Advisory
  • Name: 2357
    Source: SREASON
    URL: http://securityreason.com/securityalert/2357
  • Name: http://www.bb-pcsecurity.de/websecurity/532/org/PHPKit_1.6.1_RC2_(faq-faq.php)_Remote_SQL_Injection_Exploit.htm
    Source: MISC
    URL: http://www.bb-pcsecurity.de/websecurity/532/org/PHPKit_1.6.1_RC2_(faq-faq.php)_Remote_SQL_Injection_
  • Name: 31265
    Source: OSVDB
    URL: http://www.osvdb.org/31265
  • Name: 20061110 PHPKit 1.6.1 RC2 (faq/faq.php) Remote SQL Injection Exploit
    Source: BUGTRAQ
    URL: http://www.securityfocus.com/archive/1/451304/100/0/threaded
  • Name: 21002
    Source: BID
    URL: http://www.securityfocus.com/bid/21002
    Tags: Exploit
  • Name: phpkit-faq-sql-injection(30209)
    Source: XF
    URL: https://exchange.xforce.ibmcloud.com/vulnerabilities/30209