CVE-2006-3474

EPSS 1.1%

Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to (a) gbrowse.php, (2) card_id parameter to (b) rating.php and (c) create.php, and the (3) event_id parameter to (d) search.php.

Affected products

n/a · n/a

public PoCs found — 4

exploitdbwww.exploit-db.com/exploits/28121unverified exploitdbwww.exploit-db.com/exploits/28119unverified exploitdbwww.exploit-db.com/exploits/28120unverified exploitdbwww.exploit-db.com/exploits/28122unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://securityreason.com/securityalert/1230 https://exchange.xforce.ibmcloud.com/vulnerabilities/27427 http://www.securityfocus.com/archive/1/438589/100/100/threaded http://www.securityfocus.com/bid/18699