Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Apps :: b06-1268.htm

Maian Support Authentication Bypass
Maian Support Authentication Bypass
Maian Support Authentication Bypass

New eVuln Advisory:
Maian Support Authentication Bypass 

eVuln ID: EV0103
CVE: CVE-2006-1259
Software: Maian Support
Sowtware's Web Site: 
Versions: 1.0
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched. Developer(s) contacted.
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (

Vulnerable script: admin/index.php

Parameters email, pass are not properly sanitized before being used in SQL query. This can be used to bypass authentication using SQL injection or make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

Available at: 

No Patch available.

Discovered by: Aliaksandr Hartsuyeu (

Aliaksandr Hartsuyeu - Penetration Testing Services 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH