Vulnerabilities > CVE-2006-0167 - Input Validation vulnerability in Myphpim 01.05

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
myphpim
exploit available

Summary

SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter in calendar.php3 and the (2) password field on the login page.

Vulnerable Configurations

Part Description Count
Application
Myphpim
1

Exploit-Db

  • descriptionMyPHPim Login Page pass Field SQL Injection. CVE-2006-0167. Webapps exploit for php platform
    idEDB-ID:27068
    last seen2016-02-03
    modified2006-01-11
    published2006-01-11
    reporterAliaksandr Hartsuyeu
    sourcehttps://www.exploit-db.com/download/27068/
    titleMyPHPim Login Page pass Field SQL Injection
  • descriptionMyPHPim calendar.php3 cal_id Parameter SQL Injection. CVE-2006-0167. Webapps exploit for php platform
    idEDB-ID:27067
    last seen2016-02-03
    modified2006-01-11
    published2006-01-11
    reporterAliaksandr Hartsuyeu
    sourcehttps://www.exploit-db.com/download/27067/
    titleMyPHPim calendar.php3 cal_id Parameter SQL Injection