ID CVE-2006-1578Type cveReporter cve@mitre.orgModified 2017-07-20T01:30:00
Description
Multiple SQL injection vulnerabilities in Keystone Digital Library Suite (DLS) 1.5.4 and earlier allow remote attackers to execute arbitrary SQL commands via the subject_type_id parameter in (1) the index page and (2) the search module.
{"id": "CVE-2006-1578", "bulletinFamily": "NVD", "title": "CVE-2006-1578", "description": "Multiple SQL injection vulnerabilities in Keystone Digital Library Suite (DLS) 1.5.4 and earlier allow remote attackers to execute arbitrary SQL commands via the subject_type_id parameter in (1) the index page and (2) the search module.", "published": "2006-04-02T21:04:00", "modified": "2017-07-20T01:30:00", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1578", "reporter": "cve@mitre.org", "references": ["http://pridels0.blogspot.com/2006/03/keystone-dls-sql-vuln.html", "https://exchange.xforce.ibmcloud.com/vulnerabilities/25571"], "cvelist": ["CVE-2006-1578"], "type": "cve", "lastseen": "2019-05-29T18:08:31", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "803158fdc23cfc1af61f9d5b3cf278ab"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cpe23", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvelist", "hash": "6701b45257731b4b660a8521afb1b625"}, {"key": "cvss", "hash": "0b87419295d927d4e06fbb2171061bc6"}, {"key": "cvss2", "hash": "bcb39ea622652e3d23ed488b49c7a0bf"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "e0f17c8156e7e908374323632bccb5a6"}, {"key": "href", "hash": "b10a694f4328dc9df08ffc12f036ecfd"}, {"key": "modified", "hash": "6b0619a3e655794e0911204a98b14355"}, {"key": "published", "hash": "569a24242750b8486351447d8919f81f"}, {"key": "references", "hash": "e79b15d79cc1a3e33ac6c4e5befbee60"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "b93013b3616db0334f8820826c48469d"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "66d26ded991b631c5c06fb6eb87488db9f3868d823f017783582ccd6a2f27124", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:24607"]}], "modified": "2019-05-29T18:08:31"}, "score": {"value": 7.5, "vector": "NONE", "modified": "2019-05-29T18:08:31"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": [], "affectedSoftware": [{"name": "index_data_aps keystone_digital_library_suite", "operator": "le", "version": "1.5.4"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": [], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:20:21", "bulletinFamily": "software", "description": "## Manual Testing Notes\n/?subject_type_id=[SQL]\n/search/?number=10&search_type=&subject_type_id=[SQL]\n## References:\nVendor URL: http://www.indexdata.dk/keystone/\nOther Advisory URL: http://pridels.blogspot.com/2006/03/keystone-dls-sql-vuln.html\n[CVE-2006-1578](https://vulners.com/cve/CVE-2006-1578)\n", "modified": "2006-03-31T00:00:00", "published": "2006-03-31T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:24607", "id": "OSVDB:24607", "type": "osvdb", "title": "Keystone DLS index.php subject_type_id Variable SQL Injection", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}
