Details of VAR-200605-0505

ID

VAR-200605-0505

CVE

CVE-2006-2129

TITLE

Pro Publish set_inc.php Direct Static Code Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2006-2817 // CNNVD: CNNVD-200605-014

DESCRIPTION

Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php. Harm to remote attackers can use vulnerabilities to obtain sensitive information. Conditions required for the attack An attacker must access DeltaScripts PHP Pro Publish. Vulnerability Information DeltaScripts PHP Pro Publish is a PHP-based article management program. The problem is that multiple scripts lack filtering on the web parameters submitted by users, submit malicious SQL data, and can change the original SQL logic, resulting in obtaining sensitive information. Vendor solutions are currently not available: http://www.deltascripts.com/propublish. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. 1) Input passed to the "email" and "password" parameters in admin/login.php, to the "find_str" parameter in search.php, and to the "catid" parameter in cat.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of certain parameters requires that "magic_quotes_gpc" is disabled. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerabilities have been confirmed in version 2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Aliaksandr Hartsuyeu ORIGINAL ADVISORY: http://evuln.com/vulns/131/summary.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.34

sources: NVD: CVE-2006-2129 // CNVD: CNVD-2006-2817 // CNVD: CNVD-2006-2796 // BID: 17762 // PACKETSTORM: 45970

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2006-2817 // CNVD: CNVD-2006-2796

AFFECTED PRODUCTS

vendor:	deltascripts	model:	pro publish	scope:	eq	version:	2.0	Trust: 1.6
vendor:	pro	model:	publish deltascripts	scope:	eq	version:	2.0	Trust: 0.6
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	deltascripts	model:	php pro publish	scope:	eq	version:	2.0	Trust: 0.3

sources: CNVD: CNVD-2006-2817 // CNVD: CNVD-2006-2796 // BID: 17762 // CNNVD: CNNVD-200605-014 // NVD: CVE-2006-2129

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-2129
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2006-2817
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-200605-014
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2006-2129
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
CNVD:	CNVD-2006-2817
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2006-2817 // CNNVD: CNNVD-200605-014 // NVD: CVE-2006-2129

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-2129

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-014

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200605-014

EXTERNAL IDS

db:	BID	id:	17762	Trust: 3.1
db:	SECUNIA	id:	19882	Trust: 2.3
db:	NVD	id:	CVE-2006-2129	Trust: 2.2
db:	VUPEN	id:	ADV-2006-1578	Trust: 1.6
db:	OSVDB	id:	25128	Trust: 1.6
db:	CNVD	id:	CNVD-2006-2817	Trust: 0.6
db:	OSVDB	id:	25124	Trust: 0.6
db:	OSVDB	id:	25127	Trust: 0.6
db:	OSVDB	id:	25126	Trust: 0.6
db:	OSVDB	id:	25125	Trust: 0.6
db:	XF	id:	26148	Trust: 0.6
db:	CNCVE	id:	CNCVE-20062128	Trust: 0.6
db:	CNVD	id:	CNVD-2006-2796	Trust: 0.6
db:	XF	id:	26149	Trust: 0.6
db:	CNNVD	id:	CNNVD-200605-014	Trust: 0.6
db:	PACKETSTORM	id:	45970	Trust: 0.1

sources: CNVD: CNVD-2006-2817 // CNVD: CNVD-2006-2796 // BID: 17762 // PACKETSTORM: 45970 // CNNVD: CNNVD-200605-014 // NVD: CVE-2006-2129

REFERENCES

url:	http://www.securityfocus.com/bid/17762	Trust: 2.8
url:	http://evuln.com/vulns/130/summary.html	Trust: 2.2
url:	http://secunia.com/advisories/19882	Trust: 2.2
url:	http://www.osvdb.org/25128	Trust: 1.6
url:	http://www.frsirt.com/english/advisories/2006/1578	Trust: 1.2
url:	http://www.vupen.com/english/advisories/2006/1578	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/26149	Trust: 1.0
url:	http://www.osvdb.org/25124	Trust: 0.6
url:	http://www.osvdb.org/25125	Trust: 0.6
url:	http://www.osvdb.org/25126	Trust: 0.6
url:	http://www.osvdb.org/25127	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/435787/100/0/threaded	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/26148	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/26149	Trust: 0.6
url:	http://evuln.com/vulns/131/summary.html	Trust: 0.4
url:	http://www.deltascripts.com/propublish	Trust: 0.3
url:	http://secunia.com/product/9634/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/19882/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2006-2817 // CNVD: CNVD-2006-2796 // BID: 17762 // PACKETSTORM: 45970 // CNNVD: CNNVD-200605-014 // NVD: CVE-2006-2129

CREDITS

Aliaksandr Hartsuyeu is credited with the discovery of these vulnerabilities.

Trust: 0.9

sources: BID: 17762 // CNNVD: CNNVD-200605-014

SOURCES

db:	CNVD	id:	CNVD-2006-2817
db:	CNVD	id:	CNVD-2006-2796
db:	BID	id:	17762
db:	PACKETSTORM	id:	45970
db:	CNNVD	id:	CNNVD-200605-014
db:	NVD	id:	CVE-2006-2129

LAST UPDATE DATE

2024-08-14T14:00:16.835000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2006-2817	date:	2006-05-01T00:00:00
db:	CNVD	id:	CNVD-2006-2796	date:	2006-05-01T00:00:00
db:	BID	id:	17762	date:	2006-05-05T19:15:00
db:	CNNVD	id:	CNNVD-200605-014	date:	2009-04-03T00:00:00
db:	NVD	id:	CVE-2006-2129	date:	2017-07-20T01:31:12.350

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2006-2817	date:	2006-05-01T00:00:00
db:	CNVD	id:	CNVD-2006-2796	date:	2006-05-01T00:00:00
db:	BID	id:	17762	date:	2006-05-01T00:00:00
db:	PACKETSTORM	id:	45970	date:	2006-05-01T17:19:26
db:	CNNVD	id:	CNNVD-200605-014	date:	2006-05-01T00:00:00
db:	NVD	id:	CVE-2006-2129	date:	2006-05-01T23:02:00