CVE-2006-1278

critical

Description

SQL injection vulnerability in @1 File Store 2006.03.07 allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) functions.php and (2) user.php in the libs directory, (3) edit.php and (4) delete.php in control/files/, (5) edit.php and (6) delete.php in control/users/, (7) edit.php, (8) access.php, and (9) in control/folders/, (10) access.php and (11) delete.php in control/groups/, (12) confirm.php, and (13) download.php; (14) the email parameter in password.php, and (15) the id parameter in folder.php. NOTE: it was later reported that vectors 12 and 13 also affect @1 File Store PRO 3.2.

References

https://www.exploit-db.com/exploits/6040

https://exchange.xforce.ibmcloud.com/vulnerabilities/43724

https://exchange.xforce.ibmcloud.com/vulnerabilities/43718

https://exchange.xforce.ibmcloud.com/vulnerabilities/25183

http://www.vupen.com/english/advisories/2006/0943

http://www.securityfocus.com/bid/17090

http://www.securityfocus.com/archive/1/428659/100/0/threaded

http://www.osvdb.org/24106

http://www.osvdb.org/23864

http://www.osvdb.org/23863

http://www.osvdb.org/23862

http://www.osvdb.org/23861

http://www.osvdb.org/23860

http://www.osvdb.org/23859

http://www.osvdb.org/23858

http://www.osvdb.org/23857

http://www.osvdb.org/23856

http://www.osvdb.org/23855

http://www.osvdb.org/23854

http://www.osvdb.org/23853

http://www.osvdb.org/23852

http://www.attrition.org/pipermail/vim/2009-August/002246.html

http://secunia.com/advisories/31063

http://secunia.com/advisories/19224

http://osvdb.org/47018

http://osvdb.org/47017

Details

Source: Mitre, NVD

Published: 2006-03-19

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.02319