CVE

Id
23031  
CVE No.
CVE-2006-6927  
Status
Candidate  
Description
Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the uname (username) and (2) pword (passwd) fields in (a) admin/default.asp; the (3) ID parameter to (b) listfull.asp or (c) printmain.asp; the (4) cat parameter to (d) listmain.asp, (e) searchoption.asp, or (f) searchmain.asp; the (5) Keyword parameter to (g) searchkey.asp; the (6) area parameter to searchmain.asp or searchoption.asp; the (7) searchin parameter to searchkey.asp; or the (8) cost1, (9) cost2, (10) acreage1, or (11) squarefeet1 parameters to searchoption.asp. NOTE: some of these details are obtained from third party information.  
Phase
Assigned (20070112)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
222388 23031 CVE-2006-6927 BUGTRAQ:20061120 Rialto 1.6[admin login bypass & multiples injections sql]  View
222389 23031 CVE-2006-6927 URL:http://www.securityfocus.com/archive/1/archive/1/452112/100/0/threaded  View
222390 23031 CVE-2006-6927 BID:21191  View
222391 23031 CVE-2006-6927 URL:http://www.securityfocus.com/bid/21191  View
222392 23031 CVE-2006-6927 VUPEN:ADV-2006-4630  View
222393 23031 CVE-2006-6927 URL:http://www.vupen.com/english/advisories/2006/4630  View
222394 23031 CVE-2006-6927 SECUNIA:23049  View
222395 23031 CVE-2006-6927 URL:http://secunia.com/advisories/23049  View
222396 23031 CVE-2006-6927 SREASON:2143  View
222397 23031 CVE-2006-6927 URL:http://securityreason.com/securityalert/2143  View
222398 23031 CVE-2006-6927 XF:rialto-multiple-scripts-sql-injection(30424)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
52545 JVNDB-2007-001237 Rapid Classified におけるクロスサイトスクリプティングの脆弱性 Rapid Classified には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2006-6929 23031 6.8 http://jvndb.jvn.jp/ja/contents/2007/JVNDB-2007-001237.html  View