Vulnerabilities > CVE-2006-1706 - Unspecified vulnerability in Kansok Communications Shopweezle

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
kansok-communications
exploit available
NVD
Published: 2006-04-11
Updated: 2024-11-21

Summary

Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.

Vulnerable Configurations

Part Description Count
Application
Kansok_Communications
4

Exploit-Db

  • descriptionShopWeezle 2.0 memo.php itemID Parameter SQL Injection. CVE-2006-1706. Webapps exploit for php platform
    idEDB-ID:27614
    last seen2016-02-03
    modified2006-04-10
    published2006-04-10
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27614/
    titleShopWeezle 2.0 memo.php itemID Parameter SQL Injection
  • descriptionShopWeezle 2.0 index.php Multiple Parameter SQL Injection. CVE-2006-1706. Webapps exploit for php platform
    idEDB-ID:27613
    last seen2016-02-03
    modified2006-04-10
    published2006-04-10
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27613/
    titleShopWeezle 2.0 index.php Multiple Parameter SQL Injection
  • descriptionShopWeezle 2.0 login.php itemID Parameter SQL Injection. CVE-2006-1706. Webapps exploit for php platform
    idEDB-ID:27612
    last seen2016-02-03
    modified2006-04-10
    published2006-04-10
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27612/
    titleShopWeezle 2.0 login.php itemID Parameter SQL Injection

References