CVE-2006-3959

EPSS 1.2%

SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/28303unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://downloads.securityfocus.com/vulnerabilities/exploits/x-protection_poc.txt http://secunia.com/advisories/21282 https://exchange.xforce.ibmcloud.com/vulnerabilities/28088 http://www.osvdb.org/27635 http://www.securityfocus.com/bid/19235 http://www.vupen.com/english/advisories/2006/3060