Vulnerabilities > CVE-2006-1098 - Unspecified vulnerability in Digital Builder NZ Ecommerce

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
digital-builder
exploit available

Summary

Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem

Vulnerable Configurations

Part Description Count
Application
Digital_Builder
1

Exploit-Db

descriptionNZ Ecommerce System 0 index.php Multiple Parameter SQL Injection. CVE-2006-1098. Webapps exploit for php platform
idEDB-ID:27344
last seen2016-02-03
modified2006-03-02
published2006-03-02
reporterr0t
sourcehttps://www.exploit-db.com/download/27344/
titleNZ Ecommerce System - index.php Multiple Parameter SQL Injection