AI Score: 9.2 High (Confidence: Low)

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.013 Low (Percentile: 85.7%)

SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. NOTE: it was later reported that vectors 12 and 13 also affect @1 File Store PRO 3.2.
CPE | Name | Operator | Version |
---|---|---|---|
upoint:\@1_file_store | upoint \@1 file store | eq | 2006.03.07 |
evuln.com/vulns/95/summary.html
osvdb.org/47017
osvdb.org/47018
secunia.com/advisories/19224
secunia.com/advisories/31063
securityreason.com/securityalert/619
securitytracker.com/id?1015826
www.attrition.org/pipermail/vim/2009-August/002246.html
www.osvdb.org/23851
www.osvdb.org/23852
www.osvdb.org/23853
www.osvdb.org/23854
www.osvdb.org/23855
www.osvdb.org/23856
www.osvdb.org/23857
www.osvdb.org/23858
www.osvdb.org/23859
www.osvdb.org/23860
www.osvdb.org/23861
www.osvdb.org/23862
www.osvdb.org/23863
www.osvdb.org/23864
www.osvdb.org/24106
www.securityfocus.com/archive/1/428659/100/0/threaded
www.securityfocus.com/bid/17090
www.securityfocus.com/bid/30182
www.vupen.com/english/advisories/2006/0943
exchange.xforce.ibmcloud.com/vulnerabilities/25183
exchange.xforce.ibmcloud.com/vulnerabilities/43718
exchange.xforce.ibmcloud.com/vulnerabilities/43724
www.exploit-db.com/exploits/6040