Vulnerability Description
SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows remote attackers to execute arbitrary SQL commands by simultaneously injecting into the user name and pass fields in uyegiris.asp, also known as the Kullanici Adi (k_a) and Sifre (sifre) parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Emek Portal | Emek Portal | 2.1 |
References
- http://securityreason.com/securityalert/1700
- http://www.securityfocus.com/archive/1/447914/100/0/threaded
- http://www.securityfocus.com/bid/20378Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29380
- http://securityreason.com/securityalert/1700
- http://www.securityfocus.com/archive/1/447914/100/0/threaded
- http://www.securityfocus.com/bid/20378Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29380
FAQ
What is CVE-2006-5217?
CVE-2006-5217 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows remote attackers to execute arbitrary SQL commands by simultaneously injecting into the user name and pass fields in uyegiris.asp...
How severe is CVE-2006-5217?
CVE-2006-5217 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5217?
Check the references section above for vendor advisories and patch information. Affected products include: Emek Portal Emek Portal.