CVE-2006-3559: SQL Injection
First published: Thu Jul 13 2006(Updated: )
Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| auraCMS | =1.62 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-3559?
CVE-2006-3559 is considered to have a high severity due to its potential for remote SQL execution.
How do I fix CVE-2006-3559?
To fix CVE-2006-3559, you should sanitize and validate all user inputs for the name and pesan parameters.
What types of attacks can be performed due to CVE-2006-3559?
CVE-2006-3559 allows attackers to execute arbitrary SQL commands, which may lead to data deletion and unauthorized data access.
Which versions of auraCMS are affected by CVE-2006-3559?
CVE-2006-3559 affects auraCMS version 1.62.
Who is the publisher of auraCMS vulnerable to CVE-2006-3559?
The publisher of the vulnerable auraCMS 1.62 is Arif Supriyanto.
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/arif supriyanto
- canonical/auracms
- version/auracms/1.62