CVE-2006-5217

SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows remote attackers to execute arbitrary SQL commands by simultaneously injecting into the user name and pass fields in uyegiris.asp, also known as the Kullanici Adi (k_a) and Sifre (sifre) parameters.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-10 12:06:00.000-04
Last Modified2018-10-17 05:41:41.000-04

Vulnerable Software List

VendorProductVersions
Emek Portal Emek Portal 2.1

References

SourceLink
SREASON1700
BUGTRAQ20061006 Emek Portal v2.1 SQL Injection
BID20378
XFemek-portal-uyegiris-sql-injection(29380)