CVE-2006-6478

Properties

Published: 10.12.2006
Updated: 22.10.2018
Patch available:
Severity: High
CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product: scriptphp: annoncescripthp

Vulnerability description

Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.

References:

SREASON: http://securityreason.com/securityalert/2019
BUGTRAQ: http://www.securityfocus.com/archive/1/453966/100/0/threaded
BID: http://www.securityfocus.com/bid/21514
VUPEN: http://www.vupen.com/english/advisories/2006/4940
XF: https://exchange.xforce.ibmcloud.com/vulnerabilities/30803