Vulnerability-Lookup

CVE-2006-2128 (GCVE-0-2006-2128)

Vulnerability from cvelistv5 – Published: 2006-05-01 23:00 – Updated: 2024-08-07 17:35

Summary

Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.osvdb.org/25127	vdb-entryx_refsource_OSVDB
	http://secunia.com/advisories/19882	third-party-advisoryx_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2006/1578	vdb-entryx_refsource_VUPEN
	http://www.securityfocus.com/bid/17762	vdb-entryx_refsource_BID
	http://www.osvdb.org/25126	vdb-entryx_refsource_OSVDB
	http://evuln.com/vulns/130/summary.html	x_refsource_MISC
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/archive/1/435787/100…	mailing-listx_refsource_BUGTRAQ
	http://soot.shabgard.org/bugs/propublish.txt	x_refsource_MISC
	http://www.osvdb.org/25125	vdb-entryx_refsource_OSVDB
	http://www.osvdb.org/25124	vdb-entryx_refsource_OSVDB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T17:35:31.414Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25127",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25127"
          },
          {
            "name": "19882",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/19882"
          },
          {
            "name": "ADV-2006-1578",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/1578"
          },
          {
            "name": "17762",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/17762"
          },
          {
            "name": "25126",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25126"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://evuln.com/vulns/130/summary.html"
          },
          {
            "name": "propublish-multiple-sql-injection(26148)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26148"
          },
          {
            "name": "20060602 Pro Publish SQL Injection and XSS Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/435787/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://soot.shabgard.org/bugs/propublish.txt"
          },
          {
            "name": "25125",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25125"
          },
          {
            "name": "25124",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/25124"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-04-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "25127",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25127"
        },
        {
          "name": "19882",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/19882"
        },
        {
          "name": "ADV-2006-1578",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/1578"
        },
        {
          "name": "17762",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/17762"
        },
        {
          "name": "25126",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25126"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://evuln.com/vulns/130/summary.html"
        },
        {
          "name": "propublish-multiple-sql-injection(26148)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26148"
        },
        {
          "name": "20060602 Pro Publish SQL Injection and XSS Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/435787/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://soot.shabgard.org/bugs/propublish.txt"
        },
        {
          "name": "25125",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25125"
        },
        {
          "name": "25124",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/25124"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2128",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "25127",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25127"
            },
            {
              "name": "19882",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/19882"
            },
            {
              "name": "ADV-2006-1578",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/1578"
            },
            {
              "name": "17762",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/17762"
            },
            {
              "name": "25126",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25126"
            },
            {
              "name": "http://evuln.com/vulns/130/summary.html",
              "refsource": "MISC",
              "url": "http://evuln.com/vulns/130/summary.html"
            },
            {
              "name": "propublish-multiple-sql-injection(26148)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26148"
            },
            {
              "name": "20060602 Pro Publish SQL Injection and XSS Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/435787/100/0/threaded"
            },
            {
              "name": "http://soot.shabgard.org/bugs/propublish.txt",
              "refsource": "MISC",
              "url": "http://soot.shabgard.org/bugs/propublish.txt"
            },
            {
              "name": "25125",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25125"
            },
            {
              "name": "25124",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/25124"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-2128",
    "datePublished": "2006-05-01T23:00:00",
    "dateReserved": "2006-05-01T00:00:00",
    "dateUpdated": "2024-08-07T17:35:31.414Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-2128\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-05-01T23:02:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:deltascripts:pro_publish:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F9F7A07-563A-49EB-A3BF-36C12A8B8E52\"}]}]}],\"references\":[{\"url\":\"http://evuln.com/vulns/130/summary.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/19882\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://soot.shabgard.org/bugs/propublish.txt\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/25124\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/25125\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/25126\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/25127\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/435787/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/17762\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1578\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26148\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://evuln.com/vulns/130/summary.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/19882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://soot.shabgard.org/bugs/propublish.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/25124\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/25125\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/25126\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/25127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/435787/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/17762\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/1578\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/26148\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2006-2128

Vulnerability from fkie_nvd - Published: 2006-05-01 23:02 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://evuln.com/vulns/130/summary.html
cve@mitre.org	http://secunia.com/advisories/19882	Vendor Advisory
cve@mitre.org	http://soot.shabgard.org/bugs/propublish.txt
cve@mitre.org	http://www.osvdb.org/25124
cve@mitre.org	http://www.osvdb.org/25125
cve@mitre.org	http://www.osvdb.org/25126
cve@mitre.org	http://www.osvdb.org/25127
cve@mitre.org	http://www.securityfocus.com/archive/1/435787/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/17762
cve@mitre.org	http://www.vupen.com/english/advisories/2006/1578	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/26148
af854a3a-2127-422b-91ae-364da2661108	http://evuln.com/vulns/130/summary.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/19882	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://soot.shabgard.org/bugs/propublish.txt
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25124
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25125
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25126
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/25127
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/435787/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/17762
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/1578	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/26148

Impacted products

	Vendor	Product	Version
	deltascripts	pro_publish	2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:deltascripts:pro_publish:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9F7A07-563A-49EB-A3BF-36C12A8B8E52",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php."
    }
  ],
  "id": "CVE-2006-2128",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-05-01T23:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://evuln.com/vulns/130/summary.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19882"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://soot.shabgard.org/bugs/propublish.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25124"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25125"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25126"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/25127"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/435787/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/17762"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/1578"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://evuln.com/vulns/130/summary.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/19882"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://soot.shabgard.org/bugs/propublish.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25124"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25126"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/25127"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/435787/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/17762"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/1578"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26148"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-X76J-WW65-VJ9G

Vulnerability from github – Published: 2022-05-01 06:56 – Updated: 2022-05-01 06:56

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-2128"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-05-01T23:02:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php.",
  "id": "GHSA-x76j-ww65-vj9g",
  "modified": "2022-05-01T06:56:11Z",
  "published": "2022-05-01T06:56:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-2128"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26148"
    },
    {
      "type": "WEB",
      "url": "http://evuln.com/vulns/130/summary.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/19882"
    },
    {
      "type": "WEB",
      "url": "http://soot.shabgard.org/bugs/propublish.txt"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25124"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25125"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25126"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/25127"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/435787/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/17762"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/1578"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

VAR-200605-0504

Vulnerability from variot - Updated: 2025-04-03 22:10

Harm to remote attackers can use vulnerabilities to obtain sensitive information. Conditions required for the attack An attacker must access DeltaScripts PHP Pro Publish. Vulnerability Information DeltaScripts PHP Pro Publish is a PHP-based article management program. DeltaScripts PHP Pro Publish incorrectly filters URI data submitted by users, and remote attackers can use the vulnerability to obtain sensitive information. The problem is that multiple scripts lack filtering on the web parameters submitted by users, submit malicious SQL data, and can change the original SQL logic, resulting in obtaining sensitive information. Vendor solutions are currently not available: http://www.deltascripts.com/propublish. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

1) Input passed to the "email" and "password" parameters in admin/login.php, to the "find_str" parameter in search.php, and to the "catid" parameter in cat.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of certain parameters requires that "magic_quotes_gpc" is disabled.

2) It is possible for the administrative user to inject arbitrary PHP code into the set_inc.php file via specially-crafted input in the "Settings" page.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerabilities have been confirmed in version 2.0. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY: Aliaksandr Hartsuyeu

ORIGINAL ADVISORY: http://evuln.com/vulns/131/summary.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200605-0504",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "pro publish",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "deltascripts",
        "version": "2.0"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.6,
        "vendor": "none",
        "version": null
      },
      {
        "model": "php pro publish",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "deltascripts",
        "version": "2.0"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2006-2796"
      },
      {
        "db": "BID",
        "id": "17762"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2128"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aliaksandr Hartsuyeu is credited with the discovery of these vulnerabilities.",
    "sources": [
      {
        "db": "BID",
        "id": "17762"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-001"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2006-2128",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2006-2128",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-2128",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200605-001",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2128"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Harm to remote attackers can use vulnerabilities to obtain sensitive information. Conditions required for the attack An attacker must access DeltaScripts PHP Pro Publish. Vulnerability Information DeltaScripts PHP Pro Publish is a PHP-based article management program. DeltaScripts PHP Pro Publish incorrectly filters URI data submitted by users, and remote attackers can use the vulnerability to obtain sensitive information. The problem is that multiple scripts lack filtering on the web parameters submitted by users, submit malicious SQL data, and can change the original SQL logic, resulting in obtaining sensitive information. Vendor solutions are currently not available: http://www.deltascripts.com/propublish. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. \nA successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. \n\n1) Input passed to the \"email\" and \"password\" parameters in\nadmin/login.php, to the \"find_str\" parameter in search.php, and to\nthe \"catid\" parameter in cat.php isn\u0027t properly sanitised before\nbeing used in a SQL query. This can be exploited to manipulate SQL\nqueries by injecting arbitrary SQL code. \n\nSuccessful exploitation of certain parameters requires that\n\"magic_quotes_gpc\" is disabled. \n\n2) It is possible for the administrative user to inject arbitrary PHP\ncode into the set_inc.php file via specially-crafted input in the\n\"Settings\" page. \n\nSuccessful exploitation requires that \"magic_quotes_gpc\" is\ndisabled. \n\nThe vulnerabilities have been confirmed in version 2.0. Other\nversions may also be affected. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. \n\nPROVIDED AND/OR DISCOVERED BY:\nAliaksandr Hartsuyeu\n\nORIGINAL ADVISORY:\nhttp://evuln.com/vulns/131/summary.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2006-2796"
      },
      {
        "db": "BID",
        "id": "17762"
      },
      {
        "db": "PACKETSTORM",
        "id": "45970"
      }
    ],
    "trust": 0.9
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "17762",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "19882",
        "trust": 2.3
      },
      {
        "db": "OSVDB",
        "id": "25124",
        "trust": 2.2
      },
      {
        "db": "OSVDB",
        "id": "25127",
        "trust": 2.2
      },
      {
        "db": "OSVDB",
        "id": "25126",
        "trust": 2.2
      },
      {
        "db": "OSVDB",
        "id": "25125",
        "trust": 2.2
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-1578",
        "trust": 1.6
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2128",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "26148",
        "trust": 1.2
      },
      {
        "db": "CNCVE",
        "id": "CNCVE-20062128",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2006-2796",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060602 PRO PUBLISH SQL INJECTION AND XSS VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-001",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "45970",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2006-2796"
      },
      {
        "db": "BID",
        "id": "17762"
      },
      {
        "db": "PACKETSTORM",
        "id": "45970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2128"
      }
    ]
  },
  "id": "VAR-200605-0504",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2006-2796"
      }
    ],
    "trust": 0.06
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2006-2796"
      }
    ]
  },
  "last_update_date": "2025-04-03T22:10:34.734000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-2128"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://evuln.com/vulns/130/summary.html"
      },
      {
        "trust": 2.2,
        "url": "http://secunia.com/advisories/19882"
      },
      {
        "trust": 2.2,
        "url": "http://www.osvdb.org/25124"
      },
      {
        "trust": 2.2,
        "url": "http://www.osvdb.org/25125"
      },
      {
        "trust": 2.2,
        "url": "http://www.osvdb.org/25126"
      },
      {
        "trust": 2.2,
        "url": "http://www.osvdb.org/25127"
      },
      {
        "trust": 2.2,
        "url": "http://www.securityfocus.com/bid/17762"
      },
      {
        "trust": 1.6,
        "url": "http://soot.shabgard.org/bugs/propublish.txt"
      },
      {
        "trust": 1.2,
        "url": "http://www.frsirt.com/english/advisories/2006/1578"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/archive/1/archive/1/435787/100/0/threaded"
      },
      {
        "trust": 1.2,
        "url": "http://xforce.iss.net/xforce/xfdb/26148"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26148"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2006/1578"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/435787/100/0/threaded"
      },
      {
        "trust": 0.4,
        "url": "http://evuln.com/vulns/131/summary.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.deltascripts.com/propublish"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/9634/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/19882/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2006-2796"
      },
      {
        "db": "BID",
        "id": "17762"
      },
      {
        "db": "PACKETSTORM",
        "id": "45970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2128"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2006-2796"
      },
      {
        "db": "BID",
        "id": "17762"
      },
      {
        "db": "PACKETSTORM",
        "id": "45970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-001"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-2128"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-05-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2006-2796"
      },
      {
        "date": "2006-05-01T00:00:00",
        "db": "BID",
        "id": "17762"
      },
      {
        "date": "2006-05-01T17:19:26",
        "db": "PACKETSTORM",
        "id": "45970"
      },
      {
        "date": "2006-05-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200605-001"
      },
      {
        "date": "2006-05-01T23:02:00",
        "db": "NVD",
        "id": "CVE-2006-2128"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-05-01T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2006-2796"
      },
      {
        "date": "2006-05-05T19:15:00",
        "db": "BID",
        "id": "17762"
      },
      {
        "date": "2006-06-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200605-001"
      },
      {
        "date": "2025-04-03T01:03:51.193000",
        "db": "NVD",
        "id": "CVE-2006-2128"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-001"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CNVD-2006-2796",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2006-2796"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sql injection",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "45970"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200605-001"
      }
    ],
    "trust": 0.7
  }
}

GSD-2006-2128

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-2128

Aliases

CVE-2006-2128

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-2128",
    "description": "Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php.",
    "id": "GSD-2006-2128"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-2128"
      ],
      "details": "Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php.",
      "id": "GSD-2006-2128",
      "modified": "2023-12-13T01:19:52.789155Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-2128",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "25127",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/25127"
          },
          {
            "name": "19882",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/19882"
          },
          {
            "name": "ADV-2006-1578",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/1578"
          },
          {
            "name": "17762",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/17762"
          },
          {
            "name": "25126",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/25126"
          },
          {
            "name": "http://evuln.com/vulns/130/summary.html",
            "refsource": "MISC",
            "url": "http://evuln.com/vulns/130/summary.html"
          },
          {
            "name": "propublish-multiple-sql-injection(26148)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26148"
          },
          {
            "name": "20060602 Pro Publish SQL Injection and XSS Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/435787/100/0/threaded"
          },
          {
            "name": "http://soot.shabgard.org/bugs/propublish.txt",
            "refsource": "MISC",
            "url": "http://soot.shabgard.org/bugs/propublish.txt"
          },
          {
            "name": "25125",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/25125"
          },
          {
            "name": "25124",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/25124"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:deltascripts:pro_publish:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-2128"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://evuln.com/vulns/130/summary.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://evuln.com/vulns/130/summary.html"
            },
            {
              "name": "17762",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/17762"
            },
            {
              "name": "19882",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/19882"
            },
            {
              "name": "25124",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/25124"
            },
            {
              "name": "25126",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/25126"
            },
            {
              "name": "25127",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/25127"
            },
            {
              "name": "http://soot.shabgard.org/bugs/propublish.txt",
              "refsource": "MISC",
              "tags": [],
              "url": "http://soot.shabgard.org/bugs/propublish.txt"
            },
            {
              "name": "25125",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/25125"
            },
            {
              "name": "ADV-2006-1578",
              "refsource": "VUPEN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/1578"
            },
            {
              "name": "propublish-multiple-sql-injection(26148)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26148"
            },
            {
              "name": "20060602 Pro Publish SQL Injection and XSS Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/435787/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:38Z",
      "publishedDate": "2006-05-01T23:02Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-2128 (GCVE-0-2006-2128)

FKIE_CVE-2006-2128

GHSA-X76J-WW65-VJ9G

VAR-200605-0504

GSD-2006-2128

Tags

Sightings

Nomenclature