Vulnerabilities > CVE-2006-1328 - SQL Injection vulnerability in Skull-Splitter Download Counter for Wallpapers Count.PHP

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

skull-splitter

NVD

Published: 2006-03-21

Updated: 2018-10-18

Summary

SQL injection vulnerability in count.php in Skull-Splitter PHP Downloadcounter for Wallpapers 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) count_fieldname, (2) url_fieldname, or (3) url parameter.

Vulnerable Configurations

Part	Description	Count
Application	Skull-Splitter Skull Splitter Download Counter Wallpaper *	1

Packetstorm

data source	https://packetstormsecurity.com/files/download/45095/EV0105.txt
id	PACKETSTORM:45095
last seen	2016-12-05
published	2006-04-01
reporter	Aliaksandr Hartsuyeu
source	https://packetstormsecurity.com/files/45095/EV0105.txt.html
title	EV0105.txt

References

http://evuln.com/vulns/105/summary.html
http://secunia.com/advisories/19314
http://securityreason.com/securityalert/649
http://www.osvdb.org/23972
http://www.securityfocus.com/archive/1/429255/100/0/threaded
http://www.securityfocus.com/bid/17156
http://www.vupen.com/english/advisories/2006/1004
https://exchange.xforce.ibmcloud.com/vulnerabilities/25316