Vulnerabilities > CVE-2006-1710 - SQL Injection vulnerability in Design Nation Dnguestbook 2.0

CVSS 7.6 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

high complexity

design-nation

exploit available

NVD

Published: 2006-04-11

Updated: 2017-10-19

Summary

SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. Successful exploitation requires that "magic_quotes_gpc" is disabled.

Vulnerable Configurations

Part	Description	Count
Application	Design_Nation Design Nation Dnguestbook 2.0	1

Exploit-Db

description	dnGuestbook <= 2.0 Remote SQL Injection Vulnerabilities. CVE-2006-1710. Webapps exploit for php platform
file	exploits/php/webapps/1653.txt
id	EDB-ID:1653
last seen	2016-01-31
modified	2006-04-09
platform	php
port
published	2006-04-09
reporter	snatcher
source	https://www.exploit-db.com/download/1653/
title	dnGuestbook <= 2.0 - Remote SQL Injection Vulnerabilities
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References