Vulnerabilities > CVE-2006-1706 - SQL Injection vulnerability in ShopWeezle

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
kansok-communications
exploit available
NVD
Published: 2006-04-11
Updated: 2017-07-20

Summary

Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.

Vulnerable Configurations

Part Description Count
Application
Kansok_Communications
4

Exploit-Db

  • descriptionShopWeezle 2.0 memo.php itemID Parameter SQL Injection. CVE-2006-1706. Webapps exploit for php platform
    idEDB-ID:27614
    last seen2016-02-03
    modified2006-04-10
    published2006-04-10
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27614/
    titleShopWeezle 2.0 memo.php itemID Parameter SQL Injection
  • descriptionShopWeezle 2.0 index.php Multiple Parameter SQL Injection. CVE-2006-1706. Webapps exploit for php platform
    idEDB-ID:27613
    last seen2016-02-03
    modified2006-04-10
    published2006-04-10
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27613/
    titleShopWeezle 2.0 index.php Multiple Parameter SQL Injection
  • descriptionShopWeezle 2.0 login.php itemID Parameter SQL Injection. CVE-2006-1706. Webapps exploit for php platform
    idEDB-ID:27612
    last seen2016-02-03
    modified2006-04-10
    published2006-04-10
    reporterr0t
    sourcehttps://www.exploit-db.com/download/27612/
    titleShopWeezle 2.0 login.php itemID Parameter SQL Injection

References