CVE-2006-5228

Multiple SQL injection vulnerabilities in the Google Gadget login.php (gadget/login.php) in Rob Hensley ackerTodo 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) up_login, (2) up_pass, or (3) up_num_tasks parameters.

Score: 7.5
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Published: 2006-10-10 05:07:00.000-04
Last Modified: 2018-10-17 05:41:46.000-04

Vulnerable Software List

Vendor | Product | Versions
Rob Hensley | Ackertodo | 4.0, 4.2

References

Source | Link
CONFIRM | http://ackertodo.cvs.sourceforge.net/ackertodo/ackertodo/src/gadget/login.php?r1=1.3&r2=1.4
CONFIRM | http://ackertodo.cvs.sourceforge.net/ackertodo/ackertodo/src/gadget/login.php?view=log
SREASON | 1703
SECTRACK | 1017008
BUGTRAQ | 20061005 ackerTodo 4.2 SQL Injection Vulnerability
BID | 20372
VUPEN | ADV-2006-3951
XF | ackertodo-login-sql-injection(29375)