Vulnerabilities > CVE-2006-2126 - SQL Injection vulnerability in Avalon LTD Maxtrade 1.0.1

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

avalon-ltd

exploit available

NVD

Published: 2006-05-01

Updated: 2017-07-20

Summary

SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters.

Vulnerable Configurations

Part	Description	Count
Application	Avalon_Ltd Avalon LTD Maxtrade 1.0.1	1

Exploit-Db

description	MaxTrade 1.0.1 Multiple SQL Injection Vulnerabilities. CVE-2006-2126. Webapps exploit for php platform
id	EDB-ID:27787
last seen	2016-02-03
modified	2006-05-01
published	2006-05-01
reporter	r0t
source	https://www.exploit-db.com/download/27787/
title	MaxTrade 1.0.1 - Multiple SQL Injection Vulnerabilities

References

http://pridels0.blogspot.com/2006/04/maxtrade-sql-inj.html
http://secunia.com/advisories/19876
http://www.osvdb.org/25122
http://www.securityfocus.com/bid/17765
http://www.vupen.com/english/advisories/2006/1581
https://exchange.xforce.ibmcloud.com/vulnerabilities/26171