Vulnerability Description
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kervancilar | Aspmforum | All versions |
References
- http://securityreason.com/securityalert/1963
- http://www.securityfocus.com/archive/1/451958/100/200/threaded
- http://www.securityfocus.com/bid/21113
- http://securityreason.com/securityalert/1963
- http://www.securityfocus.com/archive/1/451958/100/200/threaded
- http://www.securityfocus.com/bid/21113
FAQ
What is CVE-2006-6270?
CVE-2006-6270 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (...
How severe is CVE-2006-6270?
CVE-2006-6270 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6270?
Check the references section above for vendor advisories and patch information. Affected products include: Kervancilar Aspmforum.