Vulnerabilities > CVE-2006-2508 - HTML Injection vulnerability in YourFreeWorld Stylish Text Ads Script

CVSS 6.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

yourfreeworld

NVD

Published: 2006-05-22

Updated: 2018-10-18

Summary

SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php.

Vulnerable Configurations

Part	Description	Count
Application	Yourfreeworld Yourfreeworld Stylish Text ADS Script *	1

References

http://secunia.com/advisories/20213
http://securityreason.com/securityalert/931
http://www.osvdb.org/25691
http://www.osvdb.org/25692
http://www.securityfocus.com/archive/1/434527/100/0/threaded
http://www.securityfocus.com/bid/18044
http://www.vupen.com/english/advisories/2006/1897
https://exchange.xforce.ibmcloud.com/vulnerabilities/26569
https://exchange.xforce.ibmcloud.com/vulnerabilities/26570