Vulnerabilities > CVE-2006-1828 - Unspecified vulnerability in PHP121 Instant Messenger

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
php121
exploit available
NVD
Published: 2006-04-19
Updated: 2024-11-21

Summary

SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement.

Vulnerable Configurations

Part Description Count
Application
Php121
1

Exploit-Db

descriptionPHP121 Instant Messenger <= 1.4 Remote Code Execution Exploit. CVE-2006-1828. Webapps exploit for php platform
fileexploits/php/webapps/1666.php
idEDB-ID:1666
last seen2016-01-31
modified2006-04-12
platformphp
port
published2006-04-12
reporterrgod
sourcehttps://www.exploit-db.com/download/1666/
titlePHP121 Instant Messenger <= 1.4 - Remote Code Execution Exploit
typewebapps

References