Vulnerabilities > CVE-2006-1536 - SQL Injection vulnerability in Phxcontacts 0.93/0.93.1

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
phoetux-net
exploit available
NVD
Published: 2006-03-30
Updated: 2018-10-18

Summary

Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93.1 beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) motclef and (2) nbr_line_view parameters in (a) carnet.php, and the (3) id_contact parameter in (b) contact_view.php.

Vulnerable Configurations

Part Description Count
Application
Phoetux.Net
2

Exploit-Db

  • descriptionPhxContacts 0.93 contact_view.php id_contact Parameter SQL Injection. CVE-2006-1536 . Webapps exploit for php platform
    idEDB-ID:27511
    last seen2016-02-03
    modified2006-03-29
    published2006-03-29
    reporterMorocco Security Team
    sourcehttps://www.exploit-db.com/download/27511/
    titlePhxContacts 0.93 contact_view.php id_contact Parameter SQL Injection
  • descriptionPhxContacts 0.93 carnet.php Multiple Parameter SQL Injection. CVE-2006-1536 . Webapps exploit for php platform
    idEDB-ID:27510
    last seen2016-02-03
    modified2006-03-29
    published2006-03-29
    reporterMorocco Security Team
    sourcehttps://www.exploit-db.com/download/27510/
    titlePhxContacts 0.93 carnet.php Multiple Parameter SQL Injection

References