Vulnerabilities > CVE-2006-3012 - Unspecified vulnerability in Eschew.Net PHPbannerexchange

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

eschew-net

NVD

Published: 2006-06-19

Updated: 2024-11-21

Summary

SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via the (1) login parameter in (a) client/stats.php and (b) admin/stats.php, or the (2) pass parameter in client/stats.php.

Vulnerable Configurations

Part	Description	Count
Application	Eschew.Net Eschew.Net Phpbannerexchange 2.0_Update_4 Eschew.Net Phpbannerexchange 2.0_Update_1 Eschew.Net Phpbannerexchange 2.0_Update_2 Eschew.Net Phpbannerexchange 2.0_Update_3 Eschew.Net Phpbannerexchange 2.0 Eschew.Net Phpbannerexchange 2.0_Update_5	6

Packetstorm

data source	https://packetstormsecurity.com/files/download/47616/rt-sa-2006-004.txt
id	PACKETSTORM:47616
last seen	2016-12-05
published	2006-06-25
reporter	RedTeam Pentesting
source	https://packetstormsecurity.com/files/47616/rt-sa-2006-004.txt.html
title	rt-sa-2006-004.txt

Summary

Vulnerable Configurations

Packetstorm

References