CVE-2006-7085 - Vulnerability Details - OpenCVE

Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00279.

Key SSVC decision points have not yet been added.

Vendors	Products
Rigter Portal System	Rigter Portal System

Configuration 1 [-]

OR	cpe:2.3:a:rigter_portal_system:rigter_portal_system:1.0:::::::*
	cpe:2.3:a:rigter_portal_system:rigter_portal_system:2.0:::::::*
	cpe:2.3:a:rigter_portal_system:rigter_portal_system:3.0:::::::*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html
http://securityreason.com/securityalert/2322
http://www.osvdb.org/28640
https://exchange.xforce.ibmcloud.com/vulnerabilities/39972

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-02-27T18:00:00

Updated: 2024-08-07T20:50:06.016Z

Reserved: 2007-02-27T00:00:00

Link: CVE-2006-7085

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-03-02T21:18:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2006-7085

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-19T00:00:00", "descriptions": [{"lang": "en", "value": "Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060719 Multiple Vulnerabilities RPS", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html"}, {"name": "28640", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/28640"}, {"name": "rps-addart-xss(39972)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39972"}, {"name": "2322", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2322"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7085", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060719 Multiple Vulnerabilities RPS", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html"}, {"name": "28640", "refsource": "OSVDB", "url": "http://www.osvdb.org/28640"}, {"name": "rps-addart-xss(39972)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39972"}, {"name": "2322", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2322"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T20:50:06.016Z"}, "title": "CVE Program Container", "references": [{"name": "20060719 Multiple Vulnerabilities RPS", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html"}, {"name": "28640", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/28640"}, {"name": "rps-addart-xss(39972)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39972"}, {"name": "2322", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2322"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7085", "datePublished": "2007-02-27T18:00:00", "dateReserved": "2007-02-27T00:00:00", "dateUpdated": "2024-08-07T20:50:06.016Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rigter_portal_system:rigter_portal_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D4A417F-9811-40DC-A0FF-87D87B6A3D4E", "vulnerable": true}, {"criteria": "cpe:2.3:a:rigter_portal_system:rigter_portal_system:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "193A55F0-12CA-411D-B01A-9956BF0223A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rigter_portal_system:rigter_portal_system:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "17593283-37A3-41C5-9D14-31705661AD49", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as SQL injection, but this is not likely."}, {"lang": "es", "value": "Rigter Portal System (RPS) 1.0, 2.0 y 3.0 permite a atacantes remotos a\u00f1adir contenido de su elecci\u00f3n y realizar ataques XSS mediante una petici\u00f3n directa al add_art.php. NOTA: esta vulnerabilidad se inform\u00f3 originalmente como una inyecci\u00f3n de SQL, pero esto no es probable."}], "id": "CVE-2006-7085", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-03-02T21:18:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2322"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.osvdb.org/28640"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39972"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/048006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2322"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.osvdb.org/28640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39972"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}