← back
CVE-2006-6095

CVE-2006-6095

EPSS 1.4%
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094.
Affected products
n/a · n/a
public PoCs found2
exploitdbwww.exploit-db.com/exploits/29086unverifiedexploitdbwww.exploit-db.com/exploits/29087unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=116387481223790&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/30352http://www.aria-security.com/forum/showthread.php?t=33http://www.osvdb.org/31568http://www.osvdb.org/31569http://www.securityfocus.com/bid/21167