Vulnerability Description
Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or the (4) search parameter to (c) search.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Baalasp | Smart Form Portal | All versions |
References
- http://s-a-p.ca/index.php?page=OurAdvisories&id=35 (Exploit, Vendor Advisory, URL Repurposed)
- http://secunia.com/advisories/22943 (Vendor Advisory)
- http://securityreason.com/securityalert/1913
- http://www.securityfocus.com/archive/1/451846/100/100/threaded
- http://www.securityfocus.com/bid/21111 (Exploit)
- http://www.vupen.com/english/advisories/2006/4579
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30342
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30343
FAQ
What is CVE-2006-6090?
CVE-2006-6090 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password para...
How severe is CVE-2006-6090?
CVE-2006-6090 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6090?
Check the references section above for vendor advisories and patch information. Affected products include: Baalasp Smart Form Portal.