CVE-2006-0727
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
16/02/2006
Last modified:
08/03/2011
Description
SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:musox:df_msanalysis:1.0.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://dragonflycms.org/Forums/viewtopic/t=14751.html
- http://dragonflycms.org/Forums/viewtopic/t=14877/postdays=0/postorder=asc/start=15.html
- http://dragonflycms.org/cvs/html/includes/functions/linking.php?b=9.19.2
- http://dragonflycms.org/cvs/html/includes/functions/linking.php?d=9.23-9.22
- http://www.osvdb.org/23060
- http://www.osvdb.org/23250
- http://www.securityfocus.com/bid/16783
- http://www.vupen.com/english/advisories/2006/0688