CVE-2006-6094
CVE-2006-6094
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/29089unverifiedexploitdbwww.exploit-db.com/exploits/29090unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://marc.info/?l=bugtraq&m=116388432326444&w=2http://s-a-p.ca/index.php?page=OurAdvisories&id=31http://secunia.com/advisories/22981http://securityreason.com/securityalert/1910https://exchange.xforce.ibmcloud.com/vulnerabilities/30352http://www.aria-security.com/forum/showthread.php?t=33http://www.osvdb.org/30518http://www.osvdb.org/30519http://www.osvdb.org/30520http://www.securityfocus.com/archive/1/451884/100/100/threadedhttp://www.securityfocus.com/archive/1/452015http://www.securityfocus.com/bid/21167