Vulnerabilities > CVE-2006-0491 - SQL Injection vulnerability in Subzane Szusermgnt 1.4

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
subzane
exploit available
NVD
Published: 2006-02-01
Updated: 2018-10-19

Summary

SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Vulnerable Configurations

Part Description Count
Application
Subzane
1

Exploit-Db

descriptionSZUserMgnt 1.4 Username Parameter SQL Injection Vulnerability. CVE-2006-0491. Webapps exploit for php platform
idEDB-ID:27156
last seen2016-02-03
modified2006-02-01
published2006-02-01
reporterAliaksandr Hartsuyeu
sourcehttps://www.exploit-db.com/download/27156/
titleSZUserMgnt 1.4 Username Parameter SQL Injection Vulnerability

References