Vulnerabilities > CVE-2006-0167 - Input Validation vulnerability in Myphpim 01.05
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in MyPhPim 01.05 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter in calendar.php3 and the (2) password field on the login page.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description MyPHPim Login Page pass Field SQL Injection. CVE-2006-0167. Webapps exploit for php platform id EDB-ID:27068 last seen 2016-02-03 modified 2006-01-11 published 2006-01-11 reporter Aliaksandr Hartsuyeu source https://www.exploit-db.com/download/27068/ title MyPHPim Login Page pass Field SQL Injection description MyPHPim calendar.php3 cal_id Parameter SQL Injection. CVE-2006-0167. Webapps exploit for php platform id EDB-ID:27067 last seen 2016-02-03 modified 2006-01-11 published 2006-01-11 reporter Aliaksandr Hartsuyeu source https://www.exploit-db.com/download/27067/ title MyPHPim calendar.php3 cal_id Parameter SQL Injection
References
- http://evuln.com/vulns/22/summary.html
- http://secunia.com/advisories/18399
- http://www.osvdb.org/22324
- http://www.osvdb.org/22325
- http://www.securityfocus.com/archive/1/421863/100/0/threaded
- http://www.securityfocus.com/bid/16210
- http://www.vupen.com/english/advisories/2006/0147
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24066
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24075