CVE-2006-3559

Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters.

Published: Jul 13, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3559
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
arif_supriyanto / auracms	1.62	1.62.x

http://h1.ripway.com/lintah/adv/txt/01-iFX-2006-AuraCMS-v1.62-XSS-Bug.txt
http://securityreason.com/securityalert/1226
http://www.osvdb.org/28201
http://www.securityfocus.com/archive/1/439494/100/0/threaded
http://www.securityfocus.com/bid/18867
https://exchange.xforce.ibmcloud.com/vulnerabilities/27705

Vulnerability Database

289,871

CVE-2006-3559