← back
CVE-2006-5107

CVE-2006-5107

EPSS 1.1%
Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to execute arbitrary SQL commands via (1) the user_name parameter in admin/forgot_pass.php, (2) the order_id parameter in view_order.php, (3) the view_doc parameter in view_doc.php, and (4) the order_id parameter in admin/print_order.php.
Affected products
n/a · n/a
public PoCs found4
exploitdbwww.exploit-db.com/exploits/28695unverifiedexploitdbwww.exploit-db.com/exploits/28698unverifiedexploitdbwww.exploit-db.com/exploits/28697unverifiedexploitdbwww.exploit-db.com/exploits/28696unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securityreason.com/securityalert/1662https://exchange.xforce.ibmcloud.com/vulnerabilities/29176http://www.securityfocus.com/archive/1/447009/100/0/threadedhttp://www.securityfocus.com/bid/20215