CVE - CVE-2006-2731

CVE-ID
CVE-2006-2731	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:18148 URL:http://www.securityfocus.com/bid/18148 BUGTRAQ:20060528 Advisory: Enigma Haber <= 4.3 Multiple Remote SQL InjectionVulnerabilities URL:http://www.securityfocus.com/archive/1/435282/100/0/threaded MISC:http://www.nukedx.com/?getxpl=34 MISC:http://www.nukedx.com/?viewdoc=34 OSVDB:26106 URL:~~http://www.osvdb.org/26106~~ (Obsolete source) OSVDB:26107 URL:~~http://www.osvdb.org/26107~~ (Obsolete source) OSVDB:26108 URL:~~http://www.osvdb.org/26108~~ (Obsolete source) OSVDB:26109 URL:~~http://www.osvdb.org/26109~~ (Obsolete source) OSVDB:26110 URL:~~http://www.osvdb.org/26110~~ (Obsolete source) OSVDB:26111 URL:~~http://www.osvdb.org/26111~~ (Obsolete source) OSVDB:26112 URL:~~http://www.osvdb.org/26112~~ (Obsolete source) OSVDB:26113 URL:~~http://www.osvdb.org/26113~~ (Obsolete source) OSVDB:26114 URL:~~http://www.osvdb.org/26114~~ (Obsolete source) OSVDB:26115 URL:~~http://www.osvdb.org/26115~~ (Obsolete source) OSVDB:26116 URL:~~http://www.osvdb.org/26116~~ (Obsolete source) OSVDB:26117 URL:~~http://www.osvdb.org/26117~~ (Obsolete source) OSVDB:26118 URL:~~http://www.osvdb.org/26118~~ (Obsolete source) OSVDB:26119 URL:~~http://www.osvdb.org/26119~~ (Obsolete source) SECTRACK:1016171 URL:http://securitytracker.com/id?1016171 SECUNIA:20357 URL:http://secunia.com/advisories/20357 SREASON:1003 URL:http://securityreason.com/securityalert/1003 VUPEN:ADV-2006-2032 URL:~~http://www.vupen.com/english/advisories/2006/2032~~ (Obsolete source) XF:enigmahaber-multiple-sql-injection(26837) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/26837
Assigning CNA
MITRE Corporation
Date Record Created
20060601	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060601)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)