Title : Anna IRC Bot Unspecified Parameters Handling Remote SQL Injection Vulnerabilities VUPEN ID : VUPEN/ADV-2006-4708 CVE ID : CVE-2006-6190
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-11-26
Technical Description
Multiple vulnerabilities have been identified in Anna IRC Bot, which may be exploited by remote attackers to execute arbitrary SQL commands. These flaws are due to unspecified input validation errors in the "anna.pl" script that does not validate certain parameters before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.
