Vulnerabilities > CVE-2006-1098 - Unspecified vulnerability in Digital Builder NZ Ecommerce
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN digital-builder
exploit available
Summary
Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | NZ Ecommerce System 0 index.php Multiple Parameter SQL Injection. CVE-2006-1098. Webapps exploit for php platform |
id | EDB-ID:27344 |
last seen | 2016-02-03 |
modified | 2006-03-02 |
published | 2006-03-02 |
reporter | r0t |
source | https://www.exploit-db.com/download/27344/ |
title | NZ Ecommerce System - index.php Multiple Parameter SQL Injection |