CVE-2006-6478

EPSS 9.4%

Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.

Affected products

n/a · n/a

public PoCs found — 3

exploitdbwww.exploit-db.com/exploits/29246unverified exploitdbwww.exploit-db.com/exploits/29252unverified exploitdbwww.exploit-db.com/exploits/29253unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/23318 http://securityreason.com/securityalert/2019 https://exchange.xforce.ibmcloud.com/vulnerabilities/30803 http://www.securityfocus.com/archive/1/453966/100/0/threaded http://www.securityfocus.com/bid/21514 http://www.vupen.com/english/advisories/2006/4940