CVE-2006-0610 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
2200net	2200net Calendar

Configuration 1 [-]

cpe:2.3:a:2200net:2200net_calendar:1.2:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=114003781801861&w=2
http://secunia.com/advisories/18781
http://www.evuln.com/vulns/62/summary.html
http://www.osvdb.org/23037
http://www.osvdb.org/23038
http://www.securityfocus.com/archive/1/425094/100/0/threaded
http://www.securityfocus.com/bid/16569
http://www.vupen.com/english/advisories/2006/0486
https://exchange.xforce.ibmcloud.com/vulnerabilities/24483
https://exchange.xforce.ibmcloud.com/vulnerabilities/24484

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-02-09T00:00:00

Updated: 2024-08-07T16:41:28.980Z

Reserved: 2006-02-08T00:00:00

Link: CVE-2006-0610

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-02-09T00:02:00.000

Modified: 2024-11-21T00:06:54.590

Link: CVE-2006-0610

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-0486", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0486"}, {"name": "2200net-adminlogin-sql-injection(24484)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24484"}, {"name": "16569", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16569"}, {"tags": ["x_refsource_MISC"], "url": "http://www.evuln.com/vulns/62/summary.html"}, {"name": "23038", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/23038"}, {"name": "18781", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18781"}, {"name": "20060215 [eVuln] 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/425094/100/0/threaded"}, {"name": "23037", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/23037"}, {"name": "2200net-calendar-sql-injection(24483)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24483"}, {"name": "20060215 [eVuln] 2200net Calendar system SQL Injection and Authentication", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=114003781801861&w=2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0610", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-0486", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0486"}, {"name": "2200net-adminlogin-sql-injection(24484)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24484"}, {"name": "16569", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16569"}, {"name": "http://www.evuln.com/vulns/62/summary.html", "refsource": "MISC", "url": "http://www.evuln.com/vulns/62/summary.html"}, {"name": "23038", "refsource": "OSVDB", "url": "http://www.osvdb.org/23038"}, {"name": "18781", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18781"}, {"name": "20060215 [eVuln] 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425094/100/0/threaded"}, {"name": "23037", "refsource": "OSVDB", "url": "http://www.osvdb.org/23037"}, {"name": "2200net-calendar-sql-injection(24483)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24483"}, {"name": "20060215 [eVuln] 2200net Calendar system SQL Injection and Authentication", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=114003781801861&w=2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:41:28.980Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-0486", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0486"}, {"name": "2200net-adminlogin-sql-injection(24484)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24484"}, {"name": "16569", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16569"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.evuln.com/vulns/62/summary.html"}, {"name": "23038", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/23038"}, {"name": "18781", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18781"}, {"name": "20060215 [eVuln] 2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/425094/100/0/threaded"}, {"name": "23037", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/23037"}, {"name": "2200net-calendar-sql-injection(24483)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24483"}, {"name": "20060215 [eVuln] 2200net Calendar system SQL Injection and Authentication", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=114003781801861&w=2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0610", "datePublished": "2006-02-09T00:00:00", "dateReserved": "2006-02-08T00:00:00", "dateUpdated": "2024-08-07T16:41:28.980Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:2200net:2200net_calendar:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "4736F3C5-2E8F-4371-96CD-A5BA7ED8EFA6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpc_magic_quotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the fm_data[id] parameter to calendar.php and (2) the $ad['acc'] variable in adminlogin.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en 2200net Calendar system 1.2, con gpc_magic_quotes incapacitado, permiten a atacantes remotos ejecutar comandos SQL arbitrarios y eludir la autenticaci\u00f3n a trav\u00e9s de (1) el par\u00e1metro fm_data[id] para calendar.php y (2) la variable $ad['acc'] en adminlogin.php."}], "id": "CVE-2006-0610", "lastModified": "2024-11-21T00:06:54.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-02-09T00:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=114003781801861&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/18781"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.evuln.com/vulns/62/summary.html"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/23037"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/23038"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425094/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/16569"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0486"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24483"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24484"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=114003781801861&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18781"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.evuln.com/vulns/62/summary.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23037"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425094/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/16569"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24483"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24484"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}