CVE-2006-3111

Properties

Published:
19.06.2006
Updated:
22.06.2006
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product:
Chipmailer: Chipmailer

Vulnerability description

Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 allow remote attackers to execute arbitrary SQL commands via multiple parameters, as demonstrated by (1) anfang, (2) name, (3) mail, (4) anrede, (5) vorname, (6) nachname, (7) gebtag, (8) gebmonat, and (9) gebjahr.

References:

BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=115024576618386&w=2
FRSIRT: http://www.frsirt.com/english/advisories/2006/2359
SECTRACK: http://securitytracker.com/id?1016315
SECUNIA: http://secunia.com/advisories/20643