SB2006010701 - Multiple vulnerabilities in 427BB

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2006010701

SB2006010701 - Multiple vulnerabilities in 427BB

Published: January 7, 2006

Security Bulletin ID SB2006010701
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 vulnerabilities.


1) SQL injection (CVE-ID: CVE-2006-0154)

CWE-ID: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a remote attacker to execute arbitrary SQL commands in web application database.

The weakness exists in showthread.php due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted HTTP request to vulnerable script and execute arbitrary SQL commands in web application database via the ForumID parameter.

Successful exploitation of the vulnerability may allow an attacker to gain administrative access to vulnerable web application.


2) Authentication bypass issues (CVE-ID: CVE-2006-0153)

CWE-ID: CWE-592 - Authentication Bypass Issues

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Clear


The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to verifying authentication credentials based on the username, authenticated, and usertype cookies. A remote attacker can bypass authentication by using a valid username and usertype and setting the authenticated cookie.


3) Cross-site scripting (CVE-ID: CVE-2006-0155)

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


Remediation

Install update from vendor's website.

References