CVE-2006-3430: SQL Injection
First published: Fri Jul 07 2006(Updated: )
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Micro Focus ZENworks | <=6.2 | |
| Lumension PatchLink Update Server | =6.2.0.181 | |
| Lumension PatchLink Update Server | =6.1 | |
| Lumension PatchLink Update Server | =6.2.0.189 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://securitytracker.com/id?1016405
- http://secunia.com/advisories/20876
- http://secunia.com/advisories/20878
- http://www.securityfocus.com/bid/18715
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/047495.html
- http://securityreason.com/securityalert/1200
- http://www.vupen.com/english/advisories/2006/2595
- http://www.vupen.com/english/advisories/2006/2596
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27545
- http://www.securityfocus.com/archive/1/438710/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3430?
The severity of CVE-2006-3430 is classified as high due to the potential for remote attackers to execute arbitrary SQL commands.
How do I fix CVE-2006-3430?
To fix CVE-2006-3430, upgrade to Lumension PatchLink Update Server version 6.1 P1 or 6.2 SR1 P1, or Novell ZENworks version 6.2 SR1 or later.
What are the affected versions of Lumension PatchLink Update Server for CVE-2006-3430?
Affected versions of Lumension PatchLink Update Server for CVE-2006-3430 include 6.1 prior to P1 and 6.2.0.181 and 6.2.0.189 prior to SR1 P1.
Which Novell ZENworks versions are impacted by CVE-2006-3430?
CVE-2006-3430 impacts Novell ZENworks versions 6.2 SR1 and earlier.
What is the nature of the vulnerability described in CVE-2006-3430?
CVE-2006-3430 is identified as an SQL injection vulnerability that allows remote attackers to manipulate SQL commands using the agentid parameter.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/novell
- canonical/micro focus zenworks
- version/micro focus zenworks/6.2
- vendor/lumension
- canonical/lumension patchlink update server
- version/lumension patchlink update server/6.2.0.181
- version/lumension patchlink update server/6.1
- version/lumension patchlink update server/6.2.0.189