CVE-2006-6478

Properties

Published: 10.12.2006
Updated: 12.12.2006
Patch available:
Severity: High
CVSS vector: (AV:R/AC:L/Au:NR/C:C/I:C/A:C/B:N)
Product: SCRIPTPHP: AnnonceScriptHP

Vulnerability description

Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/453966/100/0/threaded
BID: http://www.securityfocus.com/bid/21514