CVE-2006-2255

EPSS 2.4%

Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.

Affected products

n/a · n/a

public PoCs found — 6

exploitdbwww.exploit-db.com/exploits/27831unverified exploitdbwww.exploit-db.com/exploits/27836unverified exploitdbwww.exploit-db.com/exploits/27833unverified exploitdbwww.exploit-db.com/exploits/27832unverified exploitdbwww.exploit-db.com/exploits/27834unverified exploitdbwww.exploit-db.com/exploits/27835unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://pridels0.blogspot.com/2006/05/creative-community-portal-vuln.html http://secunia.com/advisories/19999 https://exchange.xforce.ibmcloud.com/vulnerabilities/26313 http://www.osvdb.org/25307 http://www.osvdb.org/25308 http://www.osvdb.org/25309 http://www.osvdb.org/25310 http://www.osvdb.org/25311 http://www.osvdb.org/25312 http://www.securityfocus.com/bid/17890 http://www.vupen.com/english/advisories/2006/1688