Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-0731

6 documents4 sources
Severity
4.0MEDIUM
EPSS
6.0%
top 9.28%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SAP Business Connector
Timeline
PublishedFeb 16
Latest updateMay 1

Description

WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages1 packages

NVDsap/business_connectorcore_fix_7

🔴Vulnerability Details

2
GHSA
GHSA-5383-fm28-rp7h: WmRoot/adapter-index2022-05-01
CVEList
CVE-2006-0731: WmRoot/adapter-index2006-02-16

💥Exploits & PoCs

3
Exploit-DB
SAP Business Connector 4.6/4.7 - 'adapter-index.dsp?url' Arbitrary Site Redirect2006-02-15
Exploit-DB
SAP Business Connector 4.6/4.7 - 'chopSAPLog.dsp?fullName' Arbitrary File Disclosure2006-02-15
Exploit-DB
SAP Business Connector 4.6/4.7 - 'deleteSingle?fullName' Arbitrary File Deletion2006-02-15
CVE-2006-0731 (MEDIUM CVSS 4) | WmRoot/adapter-index.dsp in SAP Bus | cvebase.io