CyberSec.Space Logo
返回 CVE 浏览器

CVE-2006-6270

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1970%
EPSS Percentile0.83th
Published2006年12月4日
Last Modified2026年4月23日

Vulnerability Description

Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141.

Affected Platforms (CPE)

📦
Kervancilar

Aspmforum

All versions

References & Advisories

🔗 http://securityreason.com/securityalert/1963
🔗 http://www.securityfocus.com/archive/1/451958/100/200/threaded
🔗 http://www.securityfocus.com/bid/21113
🔗 http://securityreason.com/securityalert/1963
🔗 http://www.securityfocus.com/archive/1/451958/100/200/threaded
🔗 http://www.securityfocus.com/bid/21113

相关漏洞威胁

CVE-2005-41417.5

Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf para...

CVE-2006-011910.0

Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due...

CVE-2006-623510.0

A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to ...

CVE-2006-012810.0

Buffer overflow in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote attackers to have an unknown impact via un...