返回 CVE 浏览器

CVE-2006-1000

CRITICAL

10.0

CVSS Severity Score

EPSS Score0.0590%

EPSS Percentile44.10th

Published2006年3月6日

Last Modified2026年4月16日

Vulnerability Description

Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.

Affected Platforms (CPE)

📦

G2soft

Pentacle In Out Board

= 6.03

References & Advisories

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042524.html

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042525.html

🔗 http://secunia.com/advisories/19024

🔗 http://securitytracker.com/id?1015682

🔗 http://www.nukedx.com/?viewdoc=13

🔗 http://www.nukedx.com/?viewdoc=14

🔗 http://www.securityfocus.com/archive/1/426074/100/0/threaded

🔗 http://www.securityfocus.com/archive/1/426075/100/0/threaded

相关漏洞威胁

CVE-2006-011910.0

Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due...

CVE-2006-502510.0

Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner (sHTTPScanner) before 0.2 have unknown impact and attack ve...

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...

CVE-2006-012810.0

Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via un...