VAR-200605-0504
Vulnerability from variot - Updated: 2025-04-03 22:10Harm to remote attackers can use vulnerabilities to obtain sensitive information. Conditions required for the attack An attacker must access DeltaScripts PHP Pro Publish. Vulnerability Information DeltaScripts PHP Pro Publish is a PHP-based article management program. DeltaScripts PHP Pro Publish incorrectly filters URI data submitted by users, and remote attackers can use the vulnerability to obtain sensitive information. The problem is that multiple scripts lack filtering on the web parameters submitted by users, submit malicious SQL data, and can change the original SQL logic, resulting in obtaining sensitive information. Vendor solutions are currently not available: http://www.deltascripts.com/propublish. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
1) Input passed to the "email" and "password" parameters in admin/login.php, to the "find_str" parameter in search.php, and to the "catid" parameter in cat.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation of certain parameters requires that "magic_quotes_gpc" is disabled.
2) It is possible for the administrative user to inject arbitrary PHP code into the set_inc.php file via specially-crafted input in the "Settings" page.
Successful exploitation requires that "magic_quotes_gpc" is disabled.
The vulnerabilities have been confirmed in version 2.0. Other versions may also be affected.
SOLUTION: Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY: Aliaksandr Hartsuyeu
ORIGINAL ADVISORY: http://evuln.com/vulns/131/summary.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200605-0504",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pro publish",
"scope": "eq",
"trust": 1.6,
"vendor": "deltascripts",
"version": "2.0"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "php pro publish",
"scope": "eq",
"trust": 0.3,
"vendor": "deltascripts",
"version": "2.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2796"
},
{
"db": "BID",
"id": "17762"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-001"
},
{
"db": "NVD",
"id": "CVE-2006-2128"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aliaksandr Hartsuyeu is credited with the discovery of these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "17762"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-001"
}
],
"trust": 0.9
},
"cve": "CVE-2006-2128",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2006-2128",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-2128",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200605-001",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-001"
},
{
"db": "NVD",
"id": "CVE-2006-2128"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Harm to remote attackers can use vulnerabilities to obtain sensitive information. Conditions required for the attack An attacker must access DeltaScripts PHP Pro Publish. Vulnerability Information DeltaScripts PHP Pro Publish is a PHP-based article management program. DeltaScripts PHP Pro Publish incorrectly filters URI data submitted by users, and remote attackers can use the vulnerability to obtain sensitive information. The problem is that multiple scripts lack filtering on the web parameters submitted by users, submit malicious SQL data, and can change the original SQL logic, resulting in obtaining sensitive information. Vendor solutions are currently not available: http://www.deltascripts.com/propublish. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. \nA successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. \n\n1) Input passed to the \"email\" and \"password\" parameters in\nadmin/login.php, to the \"find_str\" parameter in search.php, and to\nthe \"catid\" parameter in cat.php isn\u0027t properly sanitised before\nbeing used in a SQL query. This can be exploited to manipulate SQL\nqueries by injecting arbitrary SQL code. \n\nSuccessful exploitation of certain parameters requires that\n\"magic_quotes_gpc\" is disabled. \n\n2) It is possible for the administrative user to inject arbitrary PHP\ncode into the set_inc.php file via specially-crafted input in the\n\"Settings\" page. \n\nSuccessful exploitation requires that \"magic_quotes_gpc\" is\ndisabled. \n\nThe vulnerabilities have been confirmed in version 2.0. Other\nversions may also be affected. \n\nSOLUTION:\nEdit the source code to ensure that input is properly sanitised. \n\nPROVIDED AND/OR DISCOVERED BY:\nAliaksandr Hartsuyeu\n\nORIGINAL ADVISORY:\nhttp://evuln.com/vulns/131/summary.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2796"
},
{
"db": "BID",
"id": "17762"
},
{
"db": "PACKETSTORM",
"id": "45970"
}
],
"trust": 0.9
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "17762",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "19882",
"trust": 2.3
},
{
"db": "OSVDB",
"id": "25124",
"trust": 2.2
},
{
"db": "OSVDB",
"id": "25127",
"trust": 2.2
},
{
"db": "OSVDB",
"id": "25126",
"trust": 2.2
},
{
"db": "OSVDB",
"id": "25125",
"trust": 2.2
},
{
"db": "VUPEN",
"id": "ADV-2006-1578",
"trust": 1.6
},
{
"db": "NVD",
"id": "CVE-2006-2128",
"trust": 1.6
},
{
"db": "XF",
"id": "26148",
"trust": 1.2
},
{
"db": "CNCVE",
"id": "CNCVE-20062128",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2006-2796",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060602 PRO PUBLISH SQL INJECTION AND XSS VULNERABILITIES",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200605-001",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "45970",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2796"
},
{
"db": "BID",
"id": "17762"
},
{
"db": "PACKETSTORM",
"id": "45970"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-001"
},
{
"db": "NVD",
"id": "CVE-2006-2128"
}
]
},
"id": "VAR-200605-0504",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2796"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2796"
}
]
},
"last_update_date": "2025-04-03T22:10:34.734000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2128"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://evuln.com/vulns/130/summary.html"
},
{
"trust": 2.2,
"url": "http://secunia.com/advisories/19882"
},
{
"trust": 2.2,
"url": "http://www.osvdb.org/25124"
},
{
"trust": 2.2,
"url": "http://www.osvdb.org/25125"
},
{
"trust": 2.2,
"url": "http://www.osvdb.org/25126"
},
{
"trust": 2.2,
"url": "http://www.osvdb.org/25127"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/17762"
},
{
"trust": 1.6,
"url": "http://soot.shabgard.org/bugs/propublish.txt"
},
{
"trust": 1.2,
"url": "http://www.frsirt.com/english/advisories/2006/1578"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/archive/1/archive/1/435787/100/0/threaded"
},
{
"trust": 1.2,
"url": "http://xforce.iss.net/xforce/xfdb/26148"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26148"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2006/1578"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/archive/1/435787/100/0/threaded"
},
{
"trust": 0.4,
"url": "http://evuln.com/vulns/131/summary.html"
},
{
"trust": 0.3,
"url": "http://www.deltascripts.com/propublish"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9634/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19882/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2796"
},
{
"db": "BID",
"id": "17762"
},
{
"db": "PACKETSTORM",
"id": "45970"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-001"
},
{
"db": "NVD",
"id": "CVE-2006-2128"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-2796"
},
{
"db": "BID",
"id": "17762"
},
{
"db": "PACKETSTORM",
"id": "45970"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-001"
},
{
"db": "NVD",
"id": "CVE-2006-2128"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-2796"
},
{
"date": "2006-05-01T00:00:00",
"db": "BID",
"id": "17762"
},
{
"date": "2006-05-01T17:19:26",
"db": "PACKETSTORM",
"id": "45970"
},
{
"date": "2006-05-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-001"
},
{
"date": "2006-05-01T23:02:00",
"db": "NVD",
"id": "CVE-2006-2128"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-2796"
},
{
"date": "2006-05-05T19:15:00",
"db": "BID",
"id": "17762"
},
{
"date": "2006-06-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-001"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-2128"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-001"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CNVD-2006-2796",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-2796"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sql injection",
"sources": [
{
"db": "PACKETSTORM",
"id": "45970"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-001"
}
],
"trust": 0.7
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…