CVE-2006-4444 in Garooninformation

Résumé

par MITRE

Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Réserver

29/08/2006

Divulgation

29/08/2006

Modérer

accepté

Entrée

6

Relier

afficher

CPE

prêt

Exploitation

Télécharger

EPSS

0.02846

KEV

non

Activités

très faible

Sources

Do you need the next level of professionalism?

Upgrade your account now!