Sign-up

ID

VAR-200611-0230


CVE

CVE-2006-5828


TITLE

DeltaScripts PHP Classifieds Detail.PHP SQL Injection Vulnerability

Trust: 0.9

sources: BID: 20935 // CNNVD: CNNVD-200611-161

DESCRIPTION

SQL injection vulnerability in detail.php in DeltaScripts PHP Classifieds 7.1 and earlier allows remote attackers to execute arbitrary SQL commands via the user_id parameter. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. This issue affects 7.1 and prior versions; other versions may also be affected. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: PHP Classifieds "user_id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA22704 VERIFY ADVISORY: http://secunia.com/advisories/22704/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: >From remote SOFTWARE: PHP Classifieds 7.x http://secunia.com/product/12226/ DESCRIPTION: ajann has discovered a vulnerability in PHP Classifieds, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "user_id" parameter in detail.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 7.1b. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: ajann ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2006-5828 // JVNDB: JVNDB-2006-001520 // CNVD: CNVD-2006-8413 // BID: 20935 // PACKETSTORM: 51756

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-8413

AFFECTED PRODUCTS

vendor:deltascriptsmodel:php classifiedsscope:eqversion:6.0.5

Trust: 1.9

vendor:deltascriptsmodel:php classifiedsscope:eqversion:7.1

Trust: 1.9

vendor:deltascriptsmodel:php classifiedsscope:eqversion:6.20

Trust: 1.9

vendor:deltascriptsmodel:php classifiedsscope:eqversion:6.18

Trust: 1.9

vendor:deltascriptsmodel:php classifiedsscope:lteversion:7.1

Trust: 0.8

vendor:phpmodel:classifieds deltascriptsscope:eqversion:6.20

Trust: 0.6

vendor:phpmodel:classifieds deltascriptsscope:eqversion:6.18

Trust: 0.6

vendor:phpmodel:classifieds deltascriptsscope:eqversion:6.0.5

Trust: 0.6

vendor:phpmodel:classifieds deltascriptsscope:eqversion:7.1

Trust: 0.6

sources: CNVD: CNVD-2006-8413 // BID: 20935 // JVNDB: JVNDB-2006-001520 // CNNVD: CNNVD-200611-161 // NVD: CVE-2006-5828

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5828
value: HIGH

Trust: 1.0

NVD: CVE-2006-5828
value: HIGH

Trust: 0.8

CNVD: CNVD-2006-8413
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200611-161
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2006-5828
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2006-8413
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2006-8413 // JVNDB: JVNDB-2006-001520 // CNNVD: CNNVD-200611-161 // NVD: CVE-2006-5828

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5828

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200611-161

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 51756 // CNNVD: CNNVD-200611-161

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-001520

PATCH
title:Top Pageurl:http://www.deltascripts.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-001520

EXTERNAL IDS
db:NVDid:CVE-2006-5828
Trust: 3.0
db:BIDid:20935
Trust: 2.5
db:SECUNIAid:22704
Trust: 1.7
db:VUPENid:ADV-2006-4403
Trust: 1.6
db:EXPLOIT-DBid:2720
Trust: 1.6
db:JVNDBid:JVNDB-2006-001520
Trust: 0.8
db:CNVDid:CNVD-2006-8413
Trust: 0.6
db:MILW0RMid:2720
Trust: 0.6
db:XFid:30023
Trust: 0.6
db:CNNVDid:CNNVD-200611-161
Trust: 0.6
db:PACKETSTORMid:51756
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2006-8413 // 
            
            
            
            BID: 20935 // 
            
            
            
            JVNDB: JVNDB-2006-001520 // 
            
            
            
            PACKETSTORM: 51756 // 
            
            
            
            CNNVD: CNNVD-200611-161 // 
            
            
            
            NVD: CVE-2006-5828

REFERENCES
url:http://www.securityfocus.com/bid/20935
Trust: 1.6
url:http://secunia.com/advisories/22704
Trust: 1.6
url:http://www.vupen.com/english/advisories/2006/4403
Trust: 1.0
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/30023
Trust: 1.0
url:https://www.exploit-db.com/exploits/2720
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5828
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5828
Trust: 0.8
url:http://www.securityfocus.com/bid/20935/exploit
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/30023
Trust: 0.6
url:http://www.milw0rm.com/exploits/2720
Trust: 0.6
url:http://www.frsirt.com/english/advisories/2006/4403
Trust: 0.6
url:http://milw0rm.com/exploits/2720
Trust: 0.6
url:http://www.deltascripts.com/phpclassifieds
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://corporate.secunia.com/products/48/?r=l
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://corporate.secunia.com/how_to_buy/15/?r=l
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/product/12226/
Trust: 0.1
url:http://secunia.com/advisories/22704/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2006-8413 // 
            
            
            
            BID: 20935 // 
            
            
            
            JVNDB: JVNDB-2006-001520 // 
            
            
            
            PACKETSTORM: 51756 // 
            
            
            
            CNNVD: CNNVD-200611-161 // 
            
            
            
            NVD: CVE-2006-5828

CREDITS
ajann is credited with the discovery of this vulnerability.
Trust: 0.9
sources:
            
            
            BID: 20935 // 
            
            
            
            CNNVD: CNNVD-200611-161

SOURCES
db:CNVDid:CNVD-2006-8413
db:BIDid:20935
db:JVNDBid:JVNDB-2006-001520
db:PACKETSTORMid:51756
db:CNNVDid:CNNVD-200611-161
db:NVDid:CVE-2006-5828

LAST UPDATE DATE
2024-08-14T14:59:10.131000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2006-8413date:2006-11-09T00:00:00
db:BIDid:20935date:2006-11-07T21:42:00
db:JVNDBid:JVNDB-2006-001520date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200611-161date:2007-01-10T00:00:00
db:NVDid:CVE-2006-5828date:2017-10-19T01:29:40.910

SOURCES RELEASE DATE
db:CNVDid:CNVD-2006-8413date:2006-11-09T00:00:00
db:BIDid:20935date:2006-11-06T00:00:00
db:JVNDBid:JVNDB-2006-001520date:2012-06-26T00:00:00
db:PACKETSTORMid:51756date:2006-11-08T23:29:38
db:CNNVDid:CNNVD-200611-161date:2006-11-09T00:00:00
db:NVDid:CVE-2006-5828date:2006-11-10T01:07:00