Details of VAR-200605-0504

ID

VAR-200605-0504

CVE

CVE-2006-2128

TITLE

CNVD-2006-2796

Trust: 0.6

sources: CNVD: CNVD-2006-2796

DESCRIPTION

Harm to remote attackers can use vulnerabilities to obtain sensitive information. Conditions required for the attack An attacker must access DeltaScripts PHP Pro Publish. Vulnerability Information DeltaScripts PHP Pro Publish is a PHP-based article management program. DeltaScripts PHP Pro Publish incorrectly filters URI data submitted by users, and remote attackers can use the vulnerability to obtain sensitive information. The problem is that multiple scripts lack filtering on the web parameters submitted by users, submit malicious SQL data, and can change the original SQL logic, resulting in obtaining sensitive information. Vendor solutions are currently not available: http://www.deltascripts.com/propublish. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. 1) Input passed to the "email" and "password" parameters in admin/login.php, to the "find_str" parameter in search.php, and to the "catid" parameter in cat.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of certain parameters requires that "magic_quotes_gpc" is disabled. 2) It is possible for the administrative user to inject arbitrary PHP code into the set_inc.php file via specially-crafted input in the "Settings" page. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities have been confirmed in version 2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Aliaksandr Hartsuyeu ORIGINAL ADVISORY: http://evuln.com/vulns/131/summary.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 0.9

sources: CNVD: CNVD-2006-2796 // BID: 17762 // PACKETSTORM: 45970

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2006-2796

AFFECTED PRODUCTS

vendor:	deltascripts	model:	pro publish	scope:	eq	version:	2.0	Trust: 1.6
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	deltascripts	model:	php pro publish	scope:	eq	version:	2.0	Trust: 0.3

sources: CNVD: CNVD-2006-2796 // BID: 17762 // CNNVD: CNNVD-200605-001 // NVD: CVE-2006-2128

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-2128
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200605-001
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2006-2128
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200605-001 // NVD: CVE-2006-2128

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.0

sources: NVD: CVE-2006-2128

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-001

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 45970 // CNNVD: CNNVD-200605-001

EXTERNAL IDS

db:	BID	id:	17762	Trust: 2.5
db:	SECUNIA	id:	19882	Trust: 2.3
db:	OSVDB	id:	25124	Trust: 2.2
db:	OSVDB	id:	25127	Trust: 2.2
db:	OSVDB	id:	25126	Trust: 2.2
db:	OSVDB	id:	25125	Trust: 2.2
db:	VUPEN	id:	ADV-2006-1578	Trust: 1.6
db:	NVD	id:	CVE-2006-2128	Trust: 1.6
db:	XF	id:	26148	Trust: 1.2
db:	CNCVE	id:	CNCVE-20062128	Trust: 0.6
db:	CNVD	id:	CNVD-2006-2796	Trust: 0.6
db:	BUGTRAQ	id:	20060602 PRO PUBLISH SQL INJECTION AND XSS VULNERABILITIES	Trust: 0.6
db:	CNNVD	id:	CNNVD-200605-001	Trust: 0.6
db:	PACKETSTORM	id:	45970	Trust: 0.1

sources: CNVD: CNVD-2006-2796 // BID: 17762 // PACKETSTORM: 45970 // CNNVD: CNNVD-200605-001 // NVD: CVE-2006-2128

REFERENCES

url:	http://evuln.com/vulns/130/summary.html	Trust: 2.2
url:	http://secunia.com/advisories/19882	Trust: 2.2
url:	http://www.osvdb.org/25124	Trust: 2.2
url:	http://www.osvdb.org/25125	Trust: 2.2
url:	http://www.osvdb.org/25126	Trust: 2.2
url:	http://www.osvdb.org/25127	Trust: 2.2
url:	http://www.securityfocus.com/bid/17762	Trust: 2.2
url:	http://soot.shabgard.org/bugs/propublish.txt	Trust: 1.6
url:	http://www.frsirt.com/english/advisories/2006/1578	Trust: 1.2
url:	http://www.securityfocus.com/archive/1/archive/1/435787/100/0/threaded	Trust: 1.2
url:	http://xforce.iss.net/xforce/xfdb/26148	Trust: 1.2
url:	http://www.securityfocus.com/archive/1/435787/100/0/threaded	Trust: 1.0
url:	http://www.vupen.com/english/advisories/2006/1578	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/26148	Trust: 1.0
url:	http://evuln.com/vulns/131/summary.html	Trust: 0.4
url:	http://www.deltascripts.com/propublish	Trust: 0.3
url:	http://secunia.com/product/9634/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/19882/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2006-2796 // BID: 17762 // PACKETSTORM: 45970 // CNNVD: CNNVD-200605-001 // NVD: CVE-2006-2128

CREDITS

Aliaksandr Hartsuyeu is credited with the discovery of these vulnerabilities.

Trust: 0.9

sources: BID: 17762 // CNNVD: CNNVD-200605-001

SOURCES

db:	CNVD	id:	CNVD-2006-2796
db:	BID	id:	17762
db:	PACKETSTORM	id:	45970
db:	CNNVD	id:	CNNVD-200605-001
db:	NVD	id:	CVE-2006-2128

LAST UPDATE DATE

2024-08-14T14:00:16.873000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2006-2796	date:	2006-05-01T00:00:00
db:	BID	id:	17762	date:	2006-05-05T19:15:00
db:	CNNVD	id:	CNNVD-200605-001	date:	2006-06-08T00:00:00
db:	NVD	id:	CVE-2006-2128	date:	2018-10-18T16:38:19.223

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2006-2796	date:	2006-05-01T00:00:00
db:	BID	id:	17762	date:	2006-05-01T00:00:00
db:	PACKETSTORM	id:	45970	date:	2006-05-01T17:19:26
db:	CNNVD	id:	CNNVD-200605-001	date:	2006-05-01T00:00:00
db:	NVD	id:	CVE-2006-2128	date:	2006-05-01T23:02:00