CVE-2006-1541 | Vulnerability Database | Aqua Security

SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and earlier allows remote attackers to execute arbitrary SQL commands and obtain the SHA1 hash of the admin password via the Scheme parameter.

Affected Software

Name	Vendor	Start Version	End Version
Ezaspsite	Ezaspsite	*	2.0_rc3 (including)

References

http://marc.info/?l=full-disclosure\u0026m=114367573519326\u0026w=2
http://secunia.com/advisories/19441
http://www.nukedx.com/?viewdoc=22
http://www.osvdb.org/24256
http://www.securityfocus.com/archive/1/429487/100/0/threaded
http://www.securityfocus.com/bid/17309
http://www.vupen.com/english/advisories/2006/1164
https://exchange.xforce.ibmcloud.com/vulnerabilities/25544
https://www.exploit-db.com/exploits/1623
http://marc.info/?l=full-disclosure\u0026m=114367573519326\u0026w=2
http://secunia.com/advisories/19441
http://www.nukedx.com/?viewdoc=22
http://www.osvdb.org/24256
http://www.securityfocus.com/archive/1/429487/100/0/threaded
http://www.securityfocus.com/bid/17309
http://www.vupen.com/english/advisories/2006/1164
https://exchange.xforce.ibmcloud.com/vulnerabilities/25544
https://www.exploit-db.com/exploits/1623

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-1541
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html