CVE-2006-1278 Information

Description

SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory; (3) edit.php and (4) delete.php in control/files/; (5) edit.php and (6) delete.php in control/users/; (7) edit.php, (8) access.php, and (9) in control/folders/; (10) access.php and (11) delete.php in control/groups/; (12) confirm.php and (13) download.php; (14) the email parameter in password.php; and (15) the id parameter in folder.php. NOTE: it was later reported that vectors 12 and 13 also affect @1 File Store PRO 3.2.

Reference

http://evuln.com/vulns/95/summary.html
http://osvdb.org/47017
http://osvdb.org/47018
http://secunia.com/advisories/19224
http://secunia.com/advisories/31063
http://securityreason.com/securityalert/619
http://securitytracker.com/id?1015826
http://www.attrition.org/pipermail/vim/2009-August/002246.html
http://www.osvdb.org/23851
http://www.osvdb.org/23852
http://www.osvdb.org/23853
http://www.osvdb.org/23854
http://www.osvdb.org/23855
http://www.osvdb.org/23856
http://www.osvdb.org/23857
http://www.osvdb.org/23858
http://www.osvdb.org/23859
http://www.osvdb.org/23860
http://www.osvdb.org/23861
http://www.osvdb.org/23862
http://www.osvdb.org/23863
http://www.osvdb.org/23864
http://www.osvdb.org/24106
http://www.securityfocus.com/archive/1/428659/100/0/threaded
http://www.securityfocus.com/bid/17090
http://www.securityfocus.com/bid/30182
http://www.vupen.com/english/advisories/2006/0943
https://exchange.xforce.ibmcloud.com/vulnerabilities/25183
https://exchange.xforce.ibmcloud.com/vulnerabilities/43718
https://exchange.xforce.ibmcloud.com/vulnerabilities/43724
https://www.exploit-db.com/exploits/6040
