Vulnerability Description
Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Deltascripts | Pro Publish | 2.0 |
Related Weaknesses (CWE)
References
- http://evuln.com/vulns/130/summary.html
- http://secunia.com/advisories/19882Vendor Advisory
- http://soot.shabgard.org/bugs/propublish.txt
- http://www.osvdb.org/25124
- http://www.osvdb.org/25125
- http://www.osvdb.org/25126
- http://www.osvdb.org/25127
- http://www.securityfocus.com/archive/1/435787/100/0/threaded
- http://www.securityfocus.com/bid/17762
- http://www.vupen.com/english/advisories/2006/1578Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/26148
- http://evuln.com/vulns/130/summary.html
- http://secunia.com/advisories/19882Vendor Advisory
- http://soot.shabgard.org/bugs/propublish.txt
- http://www.osvdb.org/25124
FAQ
What is CVE-2006-2128?
CVE-2006-2128 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str par...
How severe is CVE-2006-2128?
CVE-2006-2128 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-2128?
Check the references section above for vendor advisories and patch information. Affected products include: Deltascripts Pro Publish.