CVE-2006-0074

EPSS 2.5%

SQL injection vulnerability in profile.php in PHPenpals allows remote attackers to execute arbitrary SQL commands via the personalID parameter. NOTE: it was later reported that 1.1 and earlier are affected.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/8706unverified exploitdbwww.exploit-db.com/exploits/27002unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://evuln.com/vulns/5/summary.html http://secunia.com/advisories/18269 https://www.exploit-db.com/exploits/8706 http://www.osvdb.org/22150 http://www.securityfocus.com/archive/1/420690/100/0/threaded http://www.securityfocus.com/bid/16109 http://www.vupen.com/english/advisories/2006/0005