CVE-2006-1000

G2soft Pentacle In-out Board - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nukedx · perlwebappsasp

https://www.exploit-db.com/exploits/1528

View Code ZIP pw:eip

References (10)

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042524.html

[Exploit, Vendor Advisory] http://securitytracker.com/id?1015682

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/16818

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/426075/100/0/threaded

[Mailing List] http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/042525.html

[Exploit, Vendor Advisory] http://www.nukedx.com/?viewdoc=14

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/426074/100/0/threaded

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/0749

[Exploit, Vendor Advisory] http://www.nukedx.com/?viewdoc=13

[Exploit, Vendor Advisory] http://secunia.com/advisories/19024

Scores

EPSS 0.0200

EPSS Percentile 83.7%

Details

Status published

Products (1)

g2soft/pentacle_in-out_board 6.03

Published Mar 06, 2006

Tracked Since Feb 18, 2026