CVE-2006-1353
published 2006-03-22CVE-2006-1353: Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
4.27%
89.9th percentile
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aspportal | aspportal | <= 4.0.0_beta | — |
| aspportal | aspportal | — | — |
| aspportal | aspportal | — | — |
| aspportal | aspportal | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-mjqf-j4hm-rr6g: SQL injection vulnerability in default1
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-5879 [HIGH] GHSA-mjqf-j4hm-rr6g: SQL injection vulnerability in default1
SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.
GHSA
GHSA-q6h5-qrfw-97jg: Multiple SQL injection vulnerabilities in ASPPortal 3
ghsa_unreviewed·2022-05-01
CVE-2006-1353 [HIGH] GHSA-q6h5-qrfw-97jg: Multiple SQL injection vulnerabilities in ASPPortal 3
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.
No detection rules found.
No writeups or analysis indexed.
http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1402.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2006-03/1431.htmlhttp://secunia.com/advisories/19286http://securityreason.com/securityalert/608http://www.nukedx.com/?viewdoc=21http://www.osvdb.org/24020http://www.osvdb.org/24084http://www.osvdb.org/24085http://www.osvdb.org/24086http://www.osvdb.org/24087http://www.osvdb.org/24088http://www.osvdb.org/24089http://www.osvdb.org/24090http://www.osvdb.org/24091http://www.osvdb.org/24092http://www.securityfocus.com/archive/1/428355/100/0/threadedhttp://www.securityfocus.com/archive/1/428615/100/0/threadedhttp://www.securityfocus.com/bid/17174http://www.vupen.com/english/advisories/2006/1014https://exchange.xforce.ibmcloud.com/vulnerabilities/25346https://www.exploit-db.com/exploits/1597http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1402.htmlhttp://archives.neohapsis.com/archives/fulldisclosure/2006-03/1431.htmlhttp://secunia.com/advisories/19286http://securityreason.com/securityalert/608http://www.nukedx.com/?viewdoc=21http://www.osvdb.org/24020http://www.osvdb.org/24084http://www.osvdb.org/24085http://www.osvdb.org/24086http://www.osvdb.org/24087http://www.osvdb.org/24088http://www.osvdb.org/24089http://www.osvdb.org/24090http://www.osvdb.org/24091http://www.osvdb.org/24092http://www.securityfocus.com/archive/1/428355/100/0/threadedhttp://www.securityfocus.com/archive/1/428615/100/0/threadedhttp://www.securityfocus.com/bid/17174http://www.vupen.com/english/advisories/2006/1014https://exchange.xforce.ibmcloud.com/vulnerabilities/25346https://www.exploit-db.com/exploits/1597
2006-03-22
Published