Vulnerabilities > CVE-2006-1536 - SQL Injection vulnerability in Phxcontacts 0.93/0.93.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts 0.93.1 beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) motclef and (2) nbr_line_view parameters in (a) carnet.php, and the (3) id_contact parameter in (b) contact_view.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description PhxContacts 0.93 contact_view.php id_contact Parameter SQL Injection. CVE-2006-1536 . Webapps exploit for php platform id EDB-ID:27511 last seen 2016-02-03 modified 2006-03-29 published 2006-03-29 reporter Morocco Security Team source https://www.exploit-db.com/download/27511/ title PhxContacts 0.93 contact_view.php id_contact Parameter SQL Injection description PhxContacts 0.93 carnet.php Multiple Parameter SQL Injection. CVE-2006-1536 . Webapps exploit for php platform id EDB-ID:27510 last seen 2016-02-03 modified 2006-03-29 published 2006-03-29 reporter Morocco Security Team source https://www.exploit-db.com/download/27510/ title PhxContacts 0.93 carnet.php Multiple Parameter SQL Injection