← back
CVE-2006-3963

CVE-2006-3963

EPSS 1.1%
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/28307unverifiedexploitdbwww.exploit-db.com/exploits/28306unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=full-disclosure&m=115423462216111&w=2http://www.securityfocus.com/bid/19240