Vulnerability Description
Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mainenet Enterprises | Asptopsites | All versions |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0351.html
- http://secunia.com/advisories/18408Vendor Advisory
- http://www.exploitlabs.com/files/advisories/EXPL-A-2006-001-asptopsites.txtExploitVendor Advisory
- http://www.osvdb.org/22330
- http://www.vupen.com/english/advisories/2006/0146
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24072
- http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0351.html
- http://secunia.com/advisories/18408Vendor Advisory
- http://www.exploitlabs.com/files/advisories/EXPL-A-2006-001-asptopsites.txtExploitVendor Advisory
- http://www.osvdb.org/22330
- http://www.vupen.com/english/advisories/2006/0146
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24072
FAQ
What is CVE-2006-0184?
CVE-2006-0184 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp.
How severe is CVE-2006-0184?
CVE-2006-0184 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-0184?
Check the references section above for vendor advisories and patch information. Affected products include: Mainenet Enterprises Asptopsites.