CVE-2006-6398 — HIGH (7.5) — White Hats Nepal

Vulnerability Description

Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Superfreaker Studios	Upublisher	1.0

References

http://secunia.com/advisories/22840PatchVendor Advisory
http://www.securityfocus.com/archive/1/453462/100/0/threaded
http://secunia.com/advisories/22840PatchVendor Advisory
http://www.securityfocus.com/archive/1/453462/100/0/threaded

FAQ

What is CVE-2006-6398?

CVE-2006-6398 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printartic...

How severe is CVE-2006-6398?

CVE-2006-6398 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-6398?

Check the references section above for vendor advisories and patch information. Affected products include: Superfreaker Studios Upublisher.