CVE-2006-1353

Published: Mar 22, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.

Vendor: n/a

Product: n/a

Versions: n/a (affected)

References

24091, vdb-entry, x_refsource_OSVDB
19286, third-party-advisory, x_refsource_SECUNIA
24092, vdb-entry, x_refsource_OSVDB
24090, vdb-entry, x_refsource_OSVDB
24086, vdb-entry, x_refsource_OSVDB
608, third-party-advisory, x_refsource_SREASON
24085, vdb-entry, x_refsource_OSVDB
24084, vdb-entry, x_refsource_OSVDB
17174, vdb-entry, x_refsource_BID
ADV-2006-1014, vdb-entry, x_refsource_VUPEN
24020, vdb-entry, x_refsource_OSVDB
24087, vdb-entry, x_refsource_OSVDB
24088, vdb-entry, x_refsource_OSVDB
24089, vdb-entry, x_refsource_OSVDB
1597, exploit, x_refsource_EXPLOIT-DB
