CVE-2006-1706

EPSS 2.3%

Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.

Affected products

n/a · n/a

public PoCs found — 3

exploitdbwww.exploit-db.com/exploits/27613unverified exploitdbwww.exploit-db.com/exploits/27612unverified exploitdbwww.exploit-db.com/exploits/27614unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://pridels0.blogspot.com/2006/04/shopweezle-20-multiple-vuln.html http://secunia.com/advisories/19593 https://exchange.xforce.ibmcloud.com/vulnerabilities/25723 https://exchange.xforce.ibmcloud.com/vulnerabilities/25724 http://www.osvdb.org/24470 http://www.osvdb.org/24471 http://www.osvdb.org/24472 http://www.osvdb.org/24473 http://www.securityfocus.com/bid/17441 http://www.vupen.com/english/advisories/2006/1291