Vulnerability Description
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| G2Soft | Pentacle In-Out Board | 6.03 |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042524.html
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042525.html
- http://secunia.com/advisories/19024 (Exploit, Vendor Advisory)
- http://securitytracker.com/id?1015682 (Exploit, Vendor Advisory)
- http://www.nukedx.com/?viewdoc=13 (Exploit, Vendor Advisory)
- http://www.nukedx.com/?viewdoc=14 (Exploit, Vendor Advisory)
- http://www.securityfocus.com/archive/1/426074/100/0/threaded
- http://www.securityfocus.com/archive/1/426075/100/0/threaded
- http://www.securityfocus.com/bid/16818 (Exploit, Vendor Advisory)
- http://www.vupen.com/english/advisories/2006/0749
FAQ
What is CVE-2006-1000?
CVE-2006-1000 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsd...
How severe is CVE-2006-1000?
CVE-2006-1000 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-1000?
Check the references section above for vendor advisories and patch information. Affected products include: G2Soft Pentacle In-Out Board.