CVE-2006-5954

Netvios < 2.0 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by ajann · textwebappsasp

https://www.exploit-db.com/exploits/2780

View Code ZIP pw:eip

exploitdb WORKING POC

webappsasp

https://www.exploit-db.com/exploits/3520

View on exploitdb

References (6)

[Vendor Advisory] http://secunia.com/advisories/22901

[Third Party Advisory, VDB Entry] http://www.osvdb.org/30411

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/30277

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21088

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2780

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4517

Scores

EPSS 0.0275

EPSS Percentile 85.8%

Classification

Status draft

Affected Products (1)

netvios/netvios < 2.0

Timeline

Published Nov 17, 2006

Tracked Since Feb 18, 2026